Click here to monitor SSC

2013 May

Simon Cooper

.NET Security Part 4


Finally, in this series, I am going to cover some of the security issues that can trip you up when using sandboxed appdomains. DISCLAIMER: I am not a security expert, and this is by no means an exhaustive list. If you actually are writing security-critical code, then get a proper security audit of your code […]

28 May 2013 11:14 am by
Tony Davis

Cheating on Technical Debt


One bad practice guaranteed to cause dismay amongst your colleagues is passing on technical debt without full disclosure. There could only be two reasons for this. Either the developer or DBA didn’t know the difference between good and bad practices, or concealed the debt. Neither reflects well on their professional competence. Technical debt, or code […]

23 May 2013 1:30 pm by
Simon Cooper

.NET Security Part 3


You write a security-related application that allows addins to be used. These addins (as dlls) can be downloaded from anywhere, and, if allowed to run full-trust, could open a security hole in your application. So you want to restrict what the addin dlls can do, using a sandboxed appdomain, as explained in my previous posts. […]

16 May 2013 4:51 pm by
Simon Elliston Ball

Big Data: Size isn’t everything


Big Data has a big problem; it’s the word “Big”. These days, a quick Google search will uncover terabytes of negative opinion about the futility of relying on huge volumes of data to produce magical, meaningful insight. There are also many clichéd but correct assertions about the difficulties of correlation versus causation, in massive data […]

10 May 2013 10:58 am by
Simon Cooper

.NET Security Part 2


So, how do you create partial-trust appdomains? Where do you come across them? There are two main situations in which your assembly runs as partially-trusted using the Microsoft .NET stack: Creating a CLR assembly in SQL Server with anything other than the UNSAFE permission set. The permissions available in each permission set are given here. […]

7 May 2013 3:12 pm by
Simon Cooper

.NET Security Part 1

1 comment

Ever since the first version of .NET, it’s been possible to strictly define the actions and resources a particular assembly can use, and, using Code Access Security, permissions to perform certain actions or access certain resources can be defined and modified in code. In .NET 4, the system was completely overhauled. Today, I’ll be starting […]

2 May 2013 4:50 pm by

Blog archive