[Mono-devel-list] Code Access Security - Initial thoughts
Ben
benjaminwootton at hotpop.com
Thu Dec 18 11:37:28 EST 2003
Here are my very early thoughts on how code access security would be
implemented.
1. Start off by specifying permission request/denials declaratively (as
attributes) at the assembly level.
2. The assembly metadata is checked at load time. Requests for certain
permissions, such as LinkDemand, will be made here.
3. When other demands are made, the we call into the runtime and asks for
permissions for each item on the call stack. Initially, all requests are
accepted. It's then a matter of discussing how to distinguish code based
on evidence, administrator defined code groups etc. This logic can then be
reponsible for throwing any exceptions on faliures.
4. Add the concept of assertions to the stack walking code, for efficiency.
Any comments, or pointers to relevant code? I'm still getting to grips
with the mono code....
Thanks
Ben
More information about the Mono-devel-list
mailing list