Using Appdomains to Secure Unmanaged Clients
Appdomains serve another vital role in securing a hosted environment. Normally, code access security is enforced on a per-assembly basis (each assembly is assessed by the policy system to determine the level of trust to be granted and assigned permissions accordingly). But what happens when control is coming from a partially trusted environment outside the scope of the runtime?
Take the example of script running in an HTML Web page within the user's browser. This simple, non-.NET Framework aware script (JavaScript or VBScript, for example) can nevertheless instantiate and invoke method calls on managed objects because all managed objects are marked, by default, as safe for scripting (as long as the ...
Get .NET Framework Security now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
