MSDN FileSystemWatcher类示例中PermissionSet属性的用途是什么? [英] What is the purpose of the PermissionSet attribute in the MSDN FileSystemWatcher class example?
问题描述
在"MSDN FileSystemWatcher类"页面上,它包含带有以下类属性的示例:
On the MSDN FileSystemWatcher Class page, it includes an example with the following class attribute:
[PermissionSet(SecurityAction.Demand, Name="FullTrust")]
这是什么目的?什么时候应该包含或不包含它?
What is the purpose of this? When should it be included or not included?
FileSystemWatcher类帮助页面在这里: http://msdn.microsoft.com/en-us/library/system.io.filesystemwatcher.aspx
The FileSystemWatcher Class help page is here: http://msdn.microsoft.com/en-us/library/system.io.filesystemwatcher.aspx
推荐答案
The FileSystemWatcher class has a link demand for unrestricted CAS permissions. This means that it will verify that its direct caller (i.e. your code, if you're consuming the class directly) has unrestricted permissions.
不幸的是,使用链接需求会打开潜在的安全漏洞,因为链接需求不会验证间接调用方(即调用您代码的代码)的权限.这意味着具有受限权限的间接调用者可能能够操纵您高度信任的代码,使其代表其进行有害的操作,否则该代码将没有权限来完成该操作.
Unfortunately, use of a link demand opens up potential security holes since the permissions of indirect callers (i.e. code that calls your code) are not verified by a link demand. This means that an indirect caller with restricted permissions may be able to manipulate your highly trusted code into doing something nefarious on its behalf that it would otherwise not have had the permissions to accomplish.
防止此类攻击的一种方法是,将自己对相同权限的全部需求应用于任何消耗具有链接需求的类型或成员的代码.这将确保任何间接调用者都将受到相同的许可要求,从而确保他们无法通过您的代码执行无法独自执行的任何操作. FileSystemWatcher的MSDN示例代码演示了这种完全需求的应用.
One of the ways to prevent an attack of this sort is to apply your own full demand for the same permission to any code that that consumes a type or member with a link demand. This will ensure that any indirect callers will be subjected to the same permission demand, thereby ensuring that they cannot do anything via your code that they would not have been able to do on their own. The MSDN sample code for the FileSystemWatcher demonstrates the application of this sort of full demand.
这篇关于MSDN FileSystemWatcher类示例中PermissionSet属性的用途是什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
