|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Use of Unrestricted flag ???Dear all,
I have seen in samples following assembly atribute : <Assembly: Security.Permissions.FileIOPermission(Security.Permissions.SecurityAction.RequestOptional, Unrestricted:=True)> What does the Unrestricted Flag means ? regards serge Hi
With Code Access Security permissions, the Unrestricted flag means that (surprisingly) there are no restrictions on accessing the particular resource. For instance, the unrestricted flag on the FileIOPermission means that all files can be accessed. The other state for this permission is to have file and directory access restricted to a particular set of files and directories. For instance, a FileIOPermission could be created that has read access to the C:\ drive, and read/write access to c:\Misc. This would restrict access to those particular resources. Hope this helps Show quoteHide quote "serge calderara" wrote: > Dear all, > > I have seen in samples following assembly atribute : > > <Assembly: > Security.Permissions.FileIOPermission(Security.Permissions.SecurityAction.RequestOptional, Unrestricted:=True)> > > What does the Unrestricted Flag means ? > > regards > serge Unrestricted FileIOPermission confers the ability to read and write any file
on a local or remote drive. Since your particular example is an assembly-level RequestOptional for unrestricted FileIOPermission, it basically ends up causing your assembly to be granted whatever FileIOPermission it is allowed under CAS policy. (Sort of a "I'd like everything, but I'll run with whatever you're willing to give me" result.) Show quoteHide quote "serge calderara" <sergecalder***@discussions.microsoft.com> wrote in message news:7349EA91-D94C-4DF9-A6B4-D6D497E0D49A@microsoft.com... > Dear all, > > I have seen in samples following assembly atribute : > > <Assembly: > Security.Permissions.FileIOPermission(Security.Permissions.SecurityAction.RequestOptional, > Unrestricted:=True)> > > What does the Unrestricted Flag means ? > > regards > serge SOunds not so logic for me.
If we aply to an asembly a security permission that means that we would like forcely to restrict from one way or an other. So why using that Unrestricted flag then, why not simply skip it all if we want to restrict or simply remove the assembly permission IO attribute if we want UNrestricted no ? Show quoteHide quote "Nicole Calinoiu" wrote: > Unrestricted FileIOPermission confers the ability to read and write any file > on a local or remote drive. Since your particular example is an > assembly-level RequestOptional for unrestricted FileIOPermission, it > basically ends up causing your assembly to be granted whatever > FileIOPermission it is allowed under CAS policy. (Sort of a "I'd like > everything, but I'll run with whatever you're willing to give me" result.) > > > "serge calderara" <sergecalder***@discussions.microsoft.com> wrote in > message news:7349EA91-D94C-4DF9-A6B4-D6D497E0D49A@microsoft.com... > > Dear all, > > > > I have seen in samples following assembly atribute : > > > > <Assembly: > > Security.Permissions.FileIOPermission(Security.Permissions.SecurityAction.RequestOptional, > > Unrestricted:=True)> > > > > What does the Unrestricted Flag means ? > > > > regards > > serge > > "serge calderara" <sergecalder***@discussions.microsoft.com> wrote in Not always. For example, sometimes assembly-level permission attributes are message news:06745F79-0C7F-4296-A233-7ED484A12A5B@microsoft.com... > SOunds not so logic for me. > If we aply to an asembly a security permission that means that we would > like > forcely to restrict from one way or an other. used to communicate security information to machine administrators. > So why using that Unrestricted RestrictOptional has the additional property of implicitly rejecting all > flag then, why not simply skip it all if we want to restrict or simply > remove > the assembly permission IO attribute if we want UNrestricted no ? other permissions, so the attribute you gave as an example has more consequences than you seem to think. Also, in the particular case of FileIOPermission, choosing an assembly-level permission attribute can be tricky since the path(s) the application needs to use may only be known at runtime. In such a scenario, a RequestOptional for unrestricted FileIOPermission may be the best of a less than ideal set of choices if one is attempting to develop a least CAS privilege application. It at least gives the administrator the option to set a CAS policy that restricts the application to only those paths it really needs to use. Show quoteHide quote > "Nicole Calinoiu" wrote: > >> Unrestricted FileIOPermission confers the ability to read and write any >> file >> on a local or remote drive. Since your particular example is an >> assembly-level RequestOptional for unrestricted FileIOPermission, it >> basically ends up causing your assembly to be granted whatever >> FileIOPermission it is allowed under CAS policy. (Sort of a "I'd like >> everything, but I'll run with whatever you're willing to give me" >> result.) >> >> >> "serge calderara" <sergecalder***@discussions.microsoft.com> wrote in >> message news:7349EA91-D94C-4DF9-A6B4-D6D497E0D49A@microsoft.com... >> > Dear all, >> > >> > I have seen in samples following assembly atribute : >> > >> > <Assembly: >> > Security.Permissions.FileIOPermission(Security.Permissions.SecurityAction.RequestOptional, >> > Unrestricted:=True)> >> > >> > What does the Unrestricted Flag means ? >> > >> > regards >> > serge >> >> 
Other interesting topics
Digitally sign files from within a web application
how to grant the application the required permission? PGP - recommendations Storing a private key Problem authenticating against renamed Active Directory account API is taking time.... How to encrypt XML with multiple certificates Determine who created a file account shutdown notice account lock by conficker.b |
|||||||||||||||||||||||
