IDesign C#编码规范(之十)_Asp.Net安全和加密
日期:2008-07-29 浏览次数:20544 次
4.6 安全 Security
1. 总是使用强名称发布代码,该名称对于该应用程序而言是私有的,对于你是公有的。
Always demand your own strong name on assemblies and components that are private to the application, but are public(so that only you use them).
public class PublicKeys
{
public const string MyCompany = “55555555588888888ddddddddd”;
}
[StrongNameIdentityPermission(SecurityAction.LinkDemand, PublicKey = PublicKeys.MyCompany)]
public class MyClass
{}
2. 对应用程序配置文件要实施加密和安全保护。
Apply encryption and security protection on application configuration files.
3. 当引入一个互操作方法时,要断言不可控代码操作允许,并且声明相应的允许权限。
When importing an interop method, assert unmanaged code permission, and demand appropriate permission instead.
[DllImport(“user32”, Entrypoint = “MessageBoxA”)]
private static extern int Show(IntPtr handle, string text. String caption, int msgType);
[SecurityPermission(SecurtiyAction.Assert, UnmanagedCode = true)]
[UIPermission(Security.Demand, Window = UIPermissionWindow.SafeTopLevelWindows)]
public static void Show(string text, string caption)
{
Show(IntPtr.Zero, text, caption,0);
}
4. 不要通过SuppressUnmanagedCodeSecurity属性来抑制不可控代码的访问。
Do not suppress unmanaged code access via the SuppressUnmanagedCodeSecurity attribute.
5. 不要使用TlbImp.exe这个不安全转换程序。将CCW包含于可控代码内,使你可以断言和授权。
Do not use the /unsafe switch of TlbImp.exe. Wrap the CCW in managed code so that you could assert and demand permissions declaratively on the wrapper.
6. 在服务器端发布代码访问策略,授权给Microsft, ECMA和自身为全信任。
On server machines deploy access-code security policy that grants only Microsft, ECMA and self(identified by stong name) full trust.
其他代码可以显示的授权为nothing。
a) All other code is implicitly granted nothing.
7. 在客户端服务器,发布安全策略授权给客户端应用程序,使其有权回调服务器端程序并且能够潜在的显示用户界面。
On client machine, deploy a security policy which grants client application only the permissions to call back the server and to potentially display user interface.
客户端的应用程序应该予以强名称坚定。
a) Client application identified by strong name.
8. 在权限集水平总是拒绝权限,因为在附近不能被请求去执行任务。
Always refuse at the assembly level all permissions not required to perform the task at hand.
A) to counter a luring attack.
[assembly: UIPermission(SecurityAction.RequestRefuse, Window = UIPermissionWindow.AllWindows)]
9. 总是在每一个Main()方法里对Windows应用principal策略
Always set the principal policy in every Main() method to Windows.
public class MyClass
{
static void Main()
{
AppDomain currentDomain = Thread.GetDomain();
currentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
}
//other methods
}
10. 在没有要求一个不同的权限的情况下,不可断言一个权限。
Never assert a permission without demanding a different permission in its place. See Chapter 12 in Programming .NET Components.
1. 总是使用强名称发布代码,该名称对于该应用程序而言是私有的,对于你是公有的。
Always demand your own strong name on assemblies and components that are private to the application, but are public(so that only you use them).
public class PublicKeys
{
public const string MyCompany = “55555555588888888ddddddddd”;
}
[StrongNameIdentityPermission(SecurityAction.LinkDemand, PublicKey = PublicKeys.MyCompany)]
public class MyClass
{}
2. 对应用程序配置文件要实施加密和安全保护。
Apply encryption and security protection on application configuration files.
3. 当引入一个互操作方法时,要断言不可控代码操作允许,并且声明相应的允许权限。
When importing an interop method, assert unmanaged code permission, and demand appropriate permission instead.
[DllImport(“user32”, Entrypoint = “MessageBoxA”)]
private static extern int Show(IntPtr handle, string text. String caption, int msgType);
[SecurityPermission(SecurtiyAction.Assert, UnmanagedCode = true)]
[UIPermission(Security.Demand, Window = UIPermissionWindow.SafeTopLevelWindows)]
public static void Show(string text, string caption)
{
Show(IntPtr.Zero, text, caption,0);
}
4. 不要通过SuppressUnmanagedCodeSecurity属性来抑制不可控代码的访问。
Do not suppress unmanaged code access via the SuppressUnmanagedCodeSecurity attribute.
5. 不要使用TlbImp.exe这个不安全转换程序。将CCW包含于可控代码内,使你可以断言和授权。
Do not use the /unsafe switch of TlbImp.exe. Wrap the CCW in managed code so that you could assert and demand permissions declaratively on the wrapper.
6. 在服务器端发布代码访问策略,授权给Microsft, ECMA和自身为全信任。
On server machines deploy access-code security policy that grants only Microsft, ECMA and self(identified by stong name) full trust.
其他代码可以显示的授权为nothing。
a) All other code is implicitly granted nothing.
7. 在客户端服务器,发布安全策略授权给客户端应用程序,使其有权回调服务器端程序并且能够潜在的显示用户界面。
On client machine, deploy a security policy which grants client application only the permissions to call back the server and to potentially display user interface.
客户端的应用程序应该予以强名称坚定。
a) Client application identified by strong name.
8. 在权限集水平总是拒绝权限,因为在附近不能被请求去执行任务。
Always refuse at the assembly level all permissions not required to perform the task at hand.
A) to counter a luring attack.
[assembly: UIPermission(SecurityAction.RequestRefuse, Window = UIPermissionWindow.AllWindows)]
9. 总是在每一个Main()方法里对Windows应用principal策略
Always set the principal policy in every Main() method to Windows.
public class MyClass
{
static void Main()
{
AppDomain currentDomain = Thread.GetDomain();
currentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
}
//other methods
}
10. 在没有要求一个不同的权限的情况下,不可断言一个权限。
Never assert a permission without demanding a different permission in its place. See Chapter 12 in Programming .NET Components.
免责声明: 本文仅代表作者个人观点,与爱易网无关。其原创性以及文中陈述文字和内容未经本站证实,对本文以及其中全部或者部分内容、文字的真实性、完整性、及时性本站不作任何保证或承诺,请读者仅作参考,并请自行核实相关内容。
