Talk:Code Access Security
This article is rated Start-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects: | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Comment
Could someone please clearify that CAS / CLR is not a sandbox due to the verifier being incomplete / inexact by design? And that the class-library is not reference-safe? The last change was reverted due to lack of clear examples.
Or could someone post any reference to Microsoft claiming that .NET/CLR would be a sandbox at all? Until then, one should at least remove that claim.
- Here you go: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnlong/html/wpfsecuritysandbox.asp
- Microsoft has noted that the CLR verifier sometimes rejects safe code as unsafe but I haven't seen any documented claim that it accepts unsafe code as safe.
- Leotohill 01:58, 4 November 2006 (UTC)
Strong names vs. Signatures
Strong names as evidence are not the same thing as X.509 certificate signatures---strong names can be generated from self-created private keys, for instance. See http://msdn2.microsoft.com/en-us/magazine/cc163583.aspx for an example of the difference. Certificates and signatures are a much more involved (and effective) security measure, the entry should probably distinguish them. —Preceding unsigned comment added by 71.168.99.81 (talk) 16:18, 14 April 2008 (UTC)
Obsolete technology?
I think CAS has been obsolete for some time now. See the comments on Microsoft's page here [1]: "CAS is not supported in .NET Core, .NET 5, or later versions. CAS is not supported by versions of C# later than 7.0" -- plus other warnings about not using it. Equinox ◑ 20:04, 24 April 2021 (UTC)