about code Access security(CAS)

T

Tony Johansson

Hi!

I'm reading a book from Microsoft Press (exam 70-536) and it says something
that you might have an answer to.
It says " CAS can be used either declaratively, in which case the compiler
perform security check prior to running code, or imperatively, in which case
the code itself perform security checks and controls what happens if the
checks fails."

I mean it must be the runtime that perform the security check before
actually having started the application ?

//Tony
 
A

Alberto Poblacion

Tony Johansson said:
It says " CAS can be used either declaratively, in which case the compiler
perform security check prior to running code, [...]"

I mean it must be the runtime that perform the security check before
actually having started the application ?
Click to expand...

Yes, you are right. The security check is performed by the runtime, not
by the compiler. The compiler merely embeds the attributes into the
executable file; it's the runtime the one that performs the checks when the
program is launched.
 
P

Peter Duniho

Tony said:
Hi!

I'm reading a book from Microsoft Press (exam 70-536) and it says something
that you might have an answer to.
It says " CAS can be used either declaratively, in which case the compiler
perform security check prior to running code, or imperatively, in which case
the code itself perform security checks and controls what happens if the
checks fails."

I mean it must be the runtime that perform the security check before
actually having started the application ?
Click to expand...

I can think of at least three security checks that could be implemented:

• link demands, which are checked during JIT compilation
• method security requirements, which are checked when the method is
called
• inline security demands, explicitly stated in the code

To make matters more complicated, there's a new design in .NET 4.0 that
I don't yet fully understand. Ostensibly it's supposed to make things
simpler, but everything I read about it involves the use of the word
"transparent" (and variants) in a way that doesn't make sense to me
(obviously not up on the latest security jargon!).

Anyway, I believe what the text you're reading is talking about is
describing is the difference between applying an attribute to an
assembly, class, or member (i.e. "declaratively"), and an explicit call
to some security demand (i.e. "imperatively"). Either can be used, and
either can accomplish specific security goals. Only certain kinds of
checks are/need to be done "before actually having started the application".

Pete
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Application Security Code Access sequrity(CAS) 3
about CAS(code access security) 1
What does it mean with legacy code 2
Exception handling in unManaged code when being called from managed code 3
A Review question from the Microsoft book(exam 70-536) 6
About Application Security(Code Access Security). It dosn't show correct output 3
MemberInfo derived classes 1
Is this text from Microsoft press really correct(exam 70-536) 6

Top