O'Reilly logo

.NET Framework Security by Kevin T. Price, Rudi Martin, Matthew Lyons, Sebastian Lange, Brian A. LaMacchia

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Modifying a Stack Walk

So, say the author of MyDatabase comes along and, having read all about good security practices, rewrites BackupDatabase to be secure. The filename parameter is removed and the backup is written to a known location controlled solely by the MyDatabase assembly, with no input from external sources.

The security demand will still fail, if the caller of BackupDatabase is untrusted to write whatever file the underlying implementation is using. This is probably not the intended effect; the author of BackupDatabase wants to write the backup on behalf of the user, even if that user is otherwise untrusted. This is where the stack walk modification operators come in.

These operations (Assert, Deny, and PermitOnly) are methods defined ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required