[Mono-devel-list] Code Access Security - Initial thought

Paolo Molaro lupus at ximian.com
Fri Dec 19 07:59:06 EST 2003

On 12/18/03 Varga Zoltan wrote:
>   Be advised that implementing CAS makes little sense
> without doing
> a security audit of the runtime and the class libraries.

So? You have to start somewhere and the CAS implementation
can be done completely in parallel with the audit of the runtime.
Complete security requires both auditing of the runtime and CAS, but
this doesn't mean that you can't work on one until the other is
completed. The jit does many checks of the consistency of the IL code
and they are useless from a security point of view until CAS is 
implemented: the CLR is a large system and pieces of it can well be
developed independently until they all fit together.


lupus at debian.org                                     debian/rules
lupus at ximian.com                             Monkeys do it better

More information about the Mono-devel-list mailing list