我要我的交融安全的代码与我的不安全的代码？ [英] Should I mingle my safe code with my unsafe code?

问题描述

我正在使用一堆WIN32 API调用和需要一些不安全的代码的项目。从最佳实践的角度来看，我应该隔离在其自己的DLL的代码与/不安全编译开关，同时保持我的主应用程序安全吗？

I'm working on a project that uses a bunch of WIN32 API calls and requires some unsafe code. From a best practices standpoint should I isolate this code in its own DLL compiled with /unsafe switch while keeping my main application safe?

要换个说法。有什么理由不编译与/不安全开关项目？是否有任何潜在的风险？

To put it another way. Is there any reason not to compile a project with the /unsafe switch? Are there any potential risks?

推荐答案

组件时定义的最小单位独立进行版本控制，在.NET可再发行代码。因此，我会问自己的第一个问题是：我是永远会想使不安全的代码的新版本，并独立地分配它我的应用程序吗？

An assembly is by definition the smallest unit of independently versionable, redistributable code in .NET. Therefore the first question I would ask myself is "am I ever going to want to make a new version of the unsafe code and distribute it independently of my application?"

如果答案是肯定的，然后通过各种手段，把在自己的汇编代码。

If the answer is yes, then by all means, put that code in its own assembly.

如果答案是否定的，然后再考虑其他因素。例如，在经典.NET安全你可以在同一个AppDomain的不同信任级别运行不同的组件。 （在现代CLR系统简单得多，只是有完全信任的代码和其他一切在信任的授予程序域的水平上运行。）您的代码，做了不安全的需求得到充分信任的，但代码，只需调用如果不安全的代码断言正确的权限集可能是不太可信的。

If the answer is no, then consider other factors. For example, in "classic" .NET security you can have different assemblies running at different levels of trust in the same appdomain. (In the modern CLR the system is much simpler, there is just fully trusted code and everything else runs at the level of trust granted to the appdomain.) Your code which does something unsafe needs to be fully trusted, but the code which simply calls it could be less trusted if the unsafe code asserts the correct set of permissions.

您永远将是在您的安全代码是部分受信任的情况呢？如果是这样，然后通过各种手段，把不安全的代码在自己组装，然后记录这个总成必须完全可信的。

Are you ever going to be in a situation where your safe code is partially trusted? If so, then by all means, put the unsafe code in its own assembly, and then document that this assembly must be fully trusted.

如果你在那些你不的情况下，各种各样的话，我就不会倾向于把我的不安全的代码在自己组装。

If you're not in those sorts of situations then I would not be inclined to put my unsafe code in its own assembly.

我不过倾向于在上面写一个愉快的托管对象模型我非托管代码，而不是简单地暴露原始的Win32调用。例如，有一天我需要调用一些强名称验证的Win32 API从C＃和我只是掀起了暴露他们很好有点库，抽象掉所有讨厌的互操作细节类的私有内部。

I would however be inclined to writing a pleasant managed object model on top of my unmanaged code, rather than simply exposing raw win32 calls. For example, the other day I needed to call some of the strong name verification win32 apis from C# and I just whipped up a little library that exposed them nicely, abstracting away all the nasty interop details to the private interior of the class.

这篇关于我要我的交融安全的代码与我的不安全的代码？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！