Cook Computing

CAS Part I Im attending

April 10, 2002 Written by Charles Cook

CAS Part I
Im attending a DevelopMentor course this week Intensive .NET. Today we covered Code Access Security in great depth. Its a great security model for stopping rogue applications from doing things you dont want them to do. Unfortunately the current default for applications running locally from the hard disk on your machine is full trust, whereas on the other hand, Microsoft perversely changed the default for applications running from the Internet in .NET SP 1 so that they have no permissions and cannot run even in the Internet zone sandbox. This is a problem because it is much easier for someone to download such an application to disk, and so run it with full trust, than it is to configure the application to run safely from the Internet.

In the class we discussed the issue of how to install and configure an application so it only has the minimum set of necessary permissions or possibly only those permissions that the user trusts it to run with. Getting a typical user to run the mscorcfg MMC snap-in or even worse the command line program caspol is not realistic. One suggestion was that the application vendor supplies some an installation package which runs with sufficient permissions (for example as unmanaged code) to set the permissions of the application being installed. But this does not really make much sense from a security point of view (even though this is essentially what Microsoft is suggesting you do to give downloadable smart clients permissions).