[Mono-list] System.Text.RegularExpressions

[Marsh, Drew]

Miguel de Icaza [mailto:miguel@ximian.com] wrote:

> The Reflection.Emit code is the one that should execute the
> "Demand" request while creating an AssemblyBuilder or a 
> ModuleBuilder, so it should be transparent to the Regex engine.

Here's my understanding of how things like this work:

The caller itself may not be able to use Reflection.Emit directly, but
because the assembly that System.Text.RegularExpressions lives in an
assembly which is signed, trusted and given special rights (such as the
right to emit) so it shouldn't matter if the caller has that right.

A scenario may be an application running from the internet zone, which
definitely doesn't have permission to use something like File I/O directly,
using a trusted assembly which *has* been granted that right via it's
publisher's strong name for the machine on the local machine. The trusted
assembly can achieve this in one of two ways:
	* dynamically via FileIOPermission::Assert 
		OR
	* by tagging the assembly (or individual methods) with the
FileIOPermissionAttribute

Now because System.Text.RegularExpressions lives in a system assembly, it's
not really the best candidate for discussion because of course it's trusted
upon installation of the CLR. The conversation becomes more interesting when
it comes to third party components because a much deeper level of trust
comes into play. Do you trust "John Doe's Component Corp." enough to grant
them File I/O access rights?

Like I said this is just my understanding so if any experts are out there
and I'm off on anything, please correct me... and enlighten us all. ;)

Later,
Drew