O'Reilly logo

Improving Web Application Security: Threats and Countermeasures by Microsoft Corporation

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Code Access Security

All managed code is subject to code access security permission demands. Many of the issues are only apparent when your code is used in a partial trust environment, when either your code or the calling code is not granted full trust by code access security policy.

For more information about the issues raised in this section, see Chapter 8.

Use the following review points to check that you are using code access security appropriately and safely:

  • Do you support partial-trust callers?

  • Do you restrict access to public types and members?

  • Do you use declarative security?

  • Do you call Assert?

  • Do you use permission demands when you should?

  • Do you use link demands?

  • Do you use Deny or PermitOnly?

  • Do you use particularly dangerous permissions?

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required