T
Tom Dacon
If you're not putting assemblies in the GAC, but are referencing shared code
with copylocal=true into the projects that use them, is there any value to
signing the assemblies?
In the environment I've just begun to work in, there are customer-facing web
sites, internally-accessed maintenance and admin web sites, middle-tier
business logic assemblies, services, and Windows Forms apps that run on the
middle-tier. The policy is to sign the assemblies, but never to place them
in the GAC, even on the production servers.
My question: is there any actual value to signing the assemblies at all?
Presumably there's some assurance at runtime that the assemblies haven't
been compromised, but I'm having a hard time constructing a scenario in
which it pays off.
Any thoughts? Links? Best practices?
Tom Dacon
Dacon Software Consulting
with copylocal=true into the projects that use them, is there any value to
signing the assemblies?
In the environment I've just begun to work in, there are customer-facing web
sites, internally-accessed maintenance and admin web sites, middle-tier
business logic assemblies, services, and Windows Forms apps that run on the
middle-tier. The policy is to sign the assemblies, but never to place them
in the GAC, even on the production servers.
My question: is there any actual value to signing the assemblies at all?
Presumably there's some assurance at runtime that the assemblies haven't
been compromised, but I'm having a hard time constructing a scenario in
which it pays off.
Any thoughts? Links? Best practices?
Tom Dacon
Dacon Software Consulting