April 2005 - Posts - Willy-Peter Schaub's Cave of Chamomile Simplicity

April 2005 - Posts

Wednesday, April 20, 2005 6:41 PM

New Quick Reference Posters on www.drp.co.za

We have posted two new quick reference posters "Best Practices Patterns Integration" and "Best Practices Patterns Hubspoke" on
http://www.drp.co.za/default.asp?id=technologies/content_technologies_MSGeneral, both of which are concerned with Integration Patterns.

Share this post: email it! | bookmark it! | digg it! | reddit! | kick it! | live it!
Posted by willy with no comments
Filed under: , ,
Sunday, April 17, 2005 5:36 PM

Why is System.Object important to .NET Designers and Developers ... here is our view on it ...

We recently published an overview of strong names which we believe is relevant to analysts and developers alike. Similarly the System.Object class is of interest to architects, designers and developers, but is probably just as unknown, which is a scary concept as it is the mother of all .NET objects and thus the root of the type hierarchy.

Refer to http://www.saarchitect.net/viewarticle.aspx?articleID=220 for the comlete article.

Share this post: email it! | bookmark it! | digg it! | reddit! | kick it! | live it!
Posted by willy with no comments
Filed under: , ,
Wednesday, April 06, 2005 2:56 PM

What is a Strong Name seems a common questions ... here is our view on it ...

A strong name is a reliable .NET assembly identifier, comprised of the assembly’s simple text name, version number, culture, public key and a digital signature. The latter two are generated with the strong name (sn) tool, while the remainder is part of the assemblies manifest … usually specified in the AssemblyInfo source file.

 

But why should we bother? A strong name reduces the possibility of modifying or impersonating an assembly, which can be intentional (hacking) or unintentional (oops copied wrong assembly). If security and reliability is on your menu, you must seriously consider spicing your meal with strong naming.

 

How does it work? When an assembly calls a strong named assembly the runtime compares the key stored in the referencing assembly’s manifest. If there is a mismatch due to tampering or the “oops” factor, the runtime will fail the load. If there is a match the caller has the guarantee that the referenced assembly has not been tampered with.

 

Any other uses? A strong name can also be used to check the caller, i.e. a referenced assembly can verify that the caller is a unique caller using LinkDemand enforcement. Also, if you want to register you assembly with the global assembly cache (GAC), you will have to strong name your assembly. Once your assembly is at home in the GAC the assembly can be shared amongst consumers, multiple versions can be hosted and the life of the administrator can potentially be simplified.

 

Any gotchas? An unsigned assembly can reference both an unsigned and a signed assembly. However, a signed assembly can only reference a signed assembly. This is actually a security advantage; however, for users of frameworks such as the Microsoft Application Blocks and the Enterprise Library the need to sign and manage the frameworks can be a challenge. Also note that by default only fully trusted assemblies can call strong-named assemblies.

 

If there is a need to call signed assemblies from partially trusted assemblies you need to dig into the AllowPartiallyTrustedCallers assembly attribute, which should be used with a pinch of care as it introduces an opportunity for abuse of the GAC by malicious applications.

 

Is it a good thing ... in most cases yes.

Share this post: email it! | bookmark it! | digg it! | reddit! | kick it! | live it!
Posted by willy with 4 comment(s)
Filed under: , ,