为什么不应该将“强命名"用于安全性? [英] Why shouldn't Strong Naming be used for Security?
问题描述
我已经在很多地方阅读了此声明,并让人们直接告诉了我这一点,但是我无法找到关于强名称不能用于安全性的全部原因的结论性答案.
I've read this claim in many places and had people tell me this directly, but I haven't been able to find a conclusive answer about the full list of reasons why a Strong Name can't be used for security.
我了解强名称"功能的意图是标识而不是安全性,但是我正在寻找有关对使用强命名"进行安全性引起的任何安全问题的解释.
I understand the intention of the Strong Name feature is identification rather than security but I'm looking for an explanation of any security problems that can be caused by using Strong Naming for security.
我想知道:
- CLR在加载时验证程序集的强名称时开箱即用.
- 强命名"的哪些功能使人们尝试将其用于安全性.
- 强命名有哪些局限性使其不适用于安全性.
- 我们应该怎么做才能实现人们使用强命名"的安全性?
我不需要的东西
- 关于版本化程序集的强命名限制
- 与OSS有关的问题(例如,必须隐藏私钥,这使贡献者难以承受)
推荐答案
人们告诉您不要对安全性使用强命名(我假设您是指完整性检查)的原因是它不再起作用.
The reason people tell you not to use strong naming for security (I assume you mean integrity checking) is that it no longer works.
自.NET 3.5 SP1开始,.NET程序集加载器不再验证强名称程序集的完整性.如果要防止在磁盘上修改程序集,则必须使用 Authenticode.
Since .NET 3.5 SP1, the .NET assembly loader does not validate the integrity of strong name assemblies anymore. If you want to prevent assemblies from being modified on disk, you'll have to use Authenticode.
这些链接描述了更改,异常及其背后的原因(启动速度):
These links describe the changes, exceptions and the reasons behind it (startup speed):
