.NET code访问安全性：有用的或只是过于复杂？ [英] .NET Code Access Security: Useful or just overcomplicated?

问题描述

又见是<一个href="http://stackoverflow.com/questions/1566934/is-$c$c-access-security-of-any-real-world-use">$c$c访问安全性的   任何现实世界中使用？

see also Is "Code Access Security" of any real world use?

我希望得到这方面的一些其他观点...

I want to get some other opinions on this...

我喜欢的的主意code使用安全的的桌面应用程序。但是在.NET的有生之年，我必须承认我从来没有真正有一个情况，其中中科院实际上已经封锁事我的利益。

I like the idea of Code Access Security for desktop applications. But in the lifetime of .NET I have to admit I've never actually had a situation where CAS has actually blocked something to my benefit.

我有，然而，有很多次，一些简单的分享快速.NET应用程序跨映射驱动器成为企业code访问的噩梦。有打出来的Caspol.exe创建可信路径规则，并有知道为什么失败的东西使得它看起来就像CAS添加方式更加无奈的开发和部署过程比它提供了在安全没有明确的方法。

I have, however, had many times where something as simple as sharing a quick .NET application across a mapped drive becomes an enterprise code access nightmare. Having to break out caspol.exe to create trusted path rules and having no clear way of knowing why something failed makes it seem like CAS adds way more frustration to the development and deployment process than it offers in security.

我想听听或者某些情况下CAS实际上不是有损于帮助更多的，或者是否有其他人在那里感到失望，目前的执行情况和默认值。

I'd like to hear either some situations where CAS has actually helped more than hurt, or if there are other people out there frustrated with its current implementation and defaults.

推荐答案

在.NET团队他们自身有COMED了同样的结论，大会访问的安全性正在被改写为.NET＃4。看看这个博客的详细信息： .NET安全博客

The .NET team them self have comed to the same conclusion the assembly access security is being reworked for .NET#4. Take a look at this blog for more info: .NET Security blog

这篇关于.NET code访问安全性：有用的或只是过于复杂？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！