Why shouldn't Strong Naming be used for Security?

爷,独闯天下 提交于 2021-02-07 18:22:13

问题


I've read this claim in many places and had people tell me this directly, but I haven't been able to find a conclusive answer about the full list of reasons why a Strong Name can't be used for security.

I understand the intention of the Strong Name feature is identification rather than security but I'm looking for an explanation of any security problems that can be caused by using Strong Naming for security.

I'd like to know:

  • What the CLR does out-of-the-box with respect to verifying Strong Names of assemblies when loaded.
  • What are the features of Strong Naming that make people try to use it for security.
  • What are the limitations of Strong Naming that make it inappropriate for security.
  • What should we do instead to achieve the security that people use Strong Naming for?

What I'm not looking for:

  • Limitations of Strong Naming with respect to versioning assemblies
  • The problems related to OSS (for example, having to hide the private key and this making it difficult for contributors)

回答1:


The reason people tell you not to use strong naming for security (I assume you mean integrity checking) is that it no longer works.

Since .NET 3.5 SP1, the .NET assembly loader does not validate the integrity of strong name assemblies anymore. If you want to prevent assemblies from being modified on disk, you'll have to use Authenticode.

These links describe the changes, exceptions and the reasons behind it (startup speed):

  • http://blogs.msdn.com/b/shawnfa/archive/2008/05/14/strong-name-bypass.aspx
  • http://www.outercurve.org/blog/2014/03/25/Strongnaming-I-Do-Not-Think-It-Means-What-You-Thin/


来源:https://stackoverflow.com/questions/27180915/why-shouldnt-strong-naming-be-used-for-security

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!