What is the security concern here?

[Marni]

Regarding

SuppressUnmanagedCodeSecurityAttribute

The help system says that we must be carefull that our code
can use the api in a bad way? What does this mean, malicious
code can be written in VB, what's the difference, if I want
to write a program that will erase the hard disk I can do it
anyway, with or without this attribute, please explain meaning
of this?

 

[W.G. Ryan eMVP]

You can add security demands for your methods which is something that you
should do. In order to have a language of any value it has to be able to do
things that could be harmful since harmful couldn't possibly be determined
in every context in advanced. What it does do is stop OTHER People from
doing stuff with your assembly that you don't want them to do. Sure, I can
write a function to delete a bunch of files, but what if your assembly has
more privileges than do other ones? Would you really want that exposed so
someone could reference it and do bad stuff with it? Remember that in many
scenarios you may be running in multiple security contexts - so my assembly
might be sitting on an application server that you as a programmer don't
have access to unless it's through my assembly. If I don't safeguard it
then you can conceivably reference it, and do all sorts of evil stuff with
it. Besides, if your company doesn't restrict what can run and you really
can write and deploy a program that can wipe a hard drive, then someone else
with worse intentions can do the same - your sysadmin should really limit
that...