Secure by default?

Continuing with my rebuttal of Shawn’s listing of reasons for forcing full trust of assemblies in the GAC…

2.a) “By side-effect, assemblies in the GAC did already receive FullTrust.”

Under default policy only. I’d be one of the first to argue that this default policy is probably too permissive, but it’s a little late in the game for that. At least those of us who don’t like the default policy can alter it so that not all locally installed code is fully trusted. Forcing full trust of all assemblies in the GAC would deny us that possibility.

2.b) “The only way that you could change this would be to either not grant MyComputer FullTrust, or create an exclusive code group that matched the strong name of the assembly and granted less trust.”

Yup. I run almost all my machines (both desktops and servers) with only SecurityPermission\Execution granted to the My_Computer_Zone code group. It causes the occasional bit of pain, but I prefer it to the alternative.

Leave a Reply

Your email address will not be published. Required fields are marked *