|
I've not actually dealt with projects that required a formal signing procedure, but I believe the normal development-cycle approach is to have an internally-generated key which has fairly loose controls on it (not publicized, but freely available to everyone in the department), and configure all of the machines that will be used for development to accept it as a root-level key. Thus, all machines which are configured to accept that key will regard any assemblies signed with it as genuine; keys which have not been so configured will regard such assemblies as dubious.
|
|
|
|
|
Signing with strong name just ensures that your assmebly has not been tampered with after it has been deployed as CLR validates strong name while loading the assembly. But you can not trust the operations done by that code. Strong names are secure as long private key with which assembly was signed is kept secured.
When you sign the assembly with private key what is does is it encrypts hash of the assembly and embeds it with assembly alongwith public key. When a calling assembly invokes it, it first decrypts the hash with public key, then recomputs the hash from dll and compares it with decrypted has. If both match, then only assembly is loaded, else it wont be loaded.
Ravindra Sadaphule
MCSD.NET
|
|
|
|
|
Consider,
Dim t As TextBox
t = New TextBox
t.Name = "t_1"
Me.Controls.Add(t)
>The above code creates an object of a textbox(class) with name=t_1
Now I add a textbox(name=TextBox2) to the form. Now, can I create another instance of TextBox2?
To achieve this I tried the following...
Dim t2 As TextBox
t2 = New TextBox
t2 = TextBox2
t2.Location = New Point(100, 100)
Me.Controls.Add(t2)
>The above code creates a textbox same as TextBox2 in location (100,100). But now TextBox2 has vanished from its original location.
...any suggestions?
Eagerly awaiting your reply...
|
|
|
|
|
Kent Pawar wrote: Now, can I create another instance of TextBox2?
You create instances of a class. TextBox2 is an object, and assigning t2 to TextBox2 makes both of them refer to the same TextBox instance. If you want to create another instance of TextBox with the same properties as TextBox2, you'll have to find a way to Clone[^] it. If you are only interested in a specific set of properties, you can do
Dim t2 As TextBox
t2 = New TextBox
t2.Text = TextBox2.Text
t2.Location = TextBox2.Location
...
...
|
|
|
|
|
Thanks..
I later wanted to create multiple copies of a group of objects;so I created a usercontrol(class) of these objects and created objects of it.
|
|
|
|
|
Hi everyone ,
could anyone tell me what happens when i Add reference
from a dll to my project ? does it only add switch to csc.exe compiler or more than that?
do my referenced dll's list phyisically reside in some project file(s)?
|
|
|
|
|
Visual Studio adds an entry to the .csproj file. The referenced assembly becomes a dependency to the project, so the next time you build the project, it builds the dependencies first, copies the assemblies locally and then builds the current project, providing the list of referenced assemblies to csc.exe via the /r switch.
|
|
|
|
|
thanks man , your answer hits the spot
|
|
|
|
|
Technically, Visual Studio doesn't use CSC.exe, but yes, the main thing add reference does is add that dll to the what gets compiled.
It also allows Visual Studio to provide intellisence for members of that assembly.
|
|
|
|
|
|
PIEBALDconsult wrote: Visual Studio doesn't use CSC.exe,
Surely you meant "doesn't directly use"? MSBuild will have to use the compiler one way or the other.
|
|
|
|
|
I expect CSC and MSBUILD call the same classes and methods, but neither calls the other.
|
|
|
|
|
Visual Studio does indeed use CSC (and LC). You can see this in your Build Output panel.
|
|
|
|
|
I can see it even more clearly by renaming CSC and trying to build in VS (2005 and 2008 anyway).
So where did I hear that it doesn't?
Oh well, my bad.
|
|
|
|
|
Hello,
I have a requirement of modifying the datasource of crystal report as per user select option from form. As records per each selection are too much which reduces the performance of application, so I need to do in this way. I tried to change the datasource by setting setdatasource command but it doesn't refresh the data in report.
Thanks in advance
Regards
Ali Raza
|
|
|
|
|
Don't cross post. It's considered rude. Pick a forum and stick to it.
|
|
|
|
|
I have been trying to come up with a way to manage string security in .NET. The whole idea of a SecureString is nice, but the way it works in .NET right now is atrocious...it just doesn't really provide any value given how it is such a pain to work with. I wrote the following extension to System.String...curious what others think:
public static class StringExtensions
{
const string OVERWRITE_CHARS = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890-=~!@#$%^&*()_+";
const int MAX_OVERWRITES = 3;
public static unsafe void SecureWipe(this String str)
{
if (str == null)
return;
Random rnd = new Random();
int maxRnd = OVERWRITE_CHARS.Length;
int maxLen = str.Length;
fixed (char* c = str)
{
for (int r = 0; r < MAX_OVERWRITES; r++)
{
for (int i = 0; i < maxLen; i++)
{
char rndChar = OVERWRITE_CHARS[rnd.Next(maxRnd)];
c[i] = rndChar;
}
}
for (int i=0; i < maxlen; i++)
{
c[i] = '\0';
}
int* len = (int*)c;
len[-1] = 0;
}
}
}
I know its possible for the .NET framework to create copies of a string in internal framework methods...nothing I can do about that, and when you need to display a string, SecureString doesn't solve that problem either. But at least with something like this...you can wipe the copy that hackers are most likely to get.
Thoughts? Improvements? Reasons why it won't work?
|
|
|
|
|
I'm not able to say if there are scenarios when this wouldn't work (concerning internal memory handling), but as far as I can see, looks very good.
Now you've chosen to do this as an extension, which is good since it can be used for any string. However, would there be a point if you also create a wrapper class for this kind of strings. With the wrapper you could possibly have more control over the string usage and behaviour. For example you could have separate mechanisms to show the string or to modify the string etc.
|
|
|
|
|
Indeed, to make it truely viable it would probably need to be a wrapper class, or perhapse have both the SecureWipe extension and a SecureString that handles copy, concat, etc.
|
|
|
|
|
I think this would be a bit of a nightmare to manage since string operations usually end up creating more strings. A simple concantenation leaves to the initial strings intact and creates a third. Instead of a string automatically wiping itself at the end of its life, you have to manage that for each and every instance of a secured string.
|
|
|
|
|
It is easy enough to add more extensions, such as SecureCopy, SecureCat, SecureModify, etc. that automatically wipe the old versions after the new is created. It might be better to have a whole SecureString class for it rather than extensions, though.
|
|
|
|
|
Yeah, what they said.
Plus I would make the Random a static member of the class rather than creating a new one on each call.
I might also use a cryptographic randomizer instead of Random.
However, I expect you may be tryingto fix a non-existant problem.
Jon Rista wrote: the way it works in .NET right now is atrocious
Please explain.
|
|
|
|
|
Its atricuous because once the data is in a SecureSring, there is no real way to use it outside of unmanaged code and BSTR...and I try hard to avoid unmanaged code in my projects.
It is entirely possible I am trying to solve a non-existent problem. I was just experimenting.
|
|
|
|
|
Its atricuous because once the data is in a SecureSring, there is no real way to use it outside of unmanaged code and BSTR...and I try hard to avoid unmanaged code in my projects.
The string object is supposed to be immutable; using funny tricks to alter existing string objects is bad mojo since there's generally no way of guaranteeing what references may exist to any particular string.
For example, a display routine might decide to keep a cache of strings that have been displayed and their associated bitmaps. Thus, I call the routine to display the word "FOO" and it keeps a reference to the string along with a copy of its bitmap implementation. If the string is later altered to say "BAR", and the routine is later called to display the word "BAR", it may notice that it has "BAR" in its cache and display the cached bitmap (which happens to look like the word "FOO").
If there were more class methods and properties that could operate with StringBuilder objects, then those could be the basis for a semi-secure-string type. Unfortunately, very few classes can accept a StringBuilder directly; nearly all would require first converting it to a normal String, which would in turn throw security out the window.
|
|
|
|
|
supercat9 wrote: nearly all would require first converting it to a normal String, which would in turn throw security out the window.
Correct, which is why I was messing with the idea of wiping the string itself. I basically decided the idea was pointless once someone mentioned interned strings. If a string is interned, there is no real way to know how many references it has, and since an interned string will live for the duration of an applications execution, you'll definitely end up with problems.
|
|
|
|