Transparency as Least Privilege- October 30, 2007 In my last post I mentioned that there is a better alternative to RequestRefuse for achieving least privilege. The tool I like to use for least privilege is actually the security transparency model available in v2.0+ of the CLR (and which became the basis of the Silverlight security model). On the desktop CLR, transparent code cannot elevate the privileges of the call stack in any way. Let's take a quick look at how this is enforced: Uverifiable code - if a transparent method contains...http://blogs.msdn.com/shawnfa/archive/2007/10/30/transparency-as-least-privilege.aspx Avoiding Assembly Level Declarative Security- October 2, 2007 I've written in the past about the three assembly level declarative security actions: RequestMinimum, RequestOptional, and RequestRefuse. Although the CLR has supported these since v1.0, I tend to stay away from using them as much as I possibly can, and also recommend that others avoid them as well. Let me go through each one individually: RequestMinimum RequestMinimum is the most common of the three, and in fact is mentioned by a FxCop rule and automatically inserted by the C...http://blogs.msdn.com/shawnfa/archive/2007/10/02/avoiding-assembly-level-declarative-secur... |