With the coming of Rich Internet Applications (RIA), Web 2.0 and all the buzz, one of my research projects is to map out specific issues with the .NET Framework 3.0. Some of the goals are:
- to provide security guidance to clients
- to automate more code analysis around the .NET Framework 3.0 object model
.NET Framework V2.0 Obsolete API List
These lists identify all of the APIs which are obsolete in the .NET Framework V2.0.
http://msdn2.microsoft.com/en-us/netframework/aa497286.aspx
When to add an assembly to the GAC
The GAC (Global Assembly Cache) is all-powerful, giving system-wide access to assemblies. It is, after all, the machine-wide repository for shared assemblies. The GAC is not the place you want to go installing any old assembly you create. Here are some general guidelines for when to “consider” adding an assembly to the GAC:
- when many applications will need access to your assembly
- when your assembly specifically requires the features that the GAC provides (such as integrity checking and versioning)
Simple enough… in essence, avoid installing to the GAC because your assembly will be highly exposed, and any flaws in your code will be much more exploitable.
For more information, check the MSDN docs, “Working with Assemblies and the Global Assembly Cache”: http://msdn2.microsoft.com/en-us/library/6axd4fx6(VS.80).aspx
Hi Chris
This is a great project.
Have you looked at MS’s Channel 9’s .NET security section? There is so much good information in there that I would start by listing what you think should be in there and is not (and the bits that are not in there are where you should focus).
Good luck
Dinis Cruz
Chief OWASP Evangelist
http://www.owasp.org
Comment by Dinis Cruz — January 24, 2007 @ 2:59 am