[Mono-list] ClickOnce?
Kornél Pál
kornelpal at hotmail.com
Wed Jun 8 10:42:33 EDT 2005
> Actually I'm pretty sure so-called NTD is mostly an Internet Explorer
> feature, mostly disjoint from the runtime itself. It's actually somewhat
> annoying when you're trying to distribute a .NET executable that cannot be
> run without full trust. For instance, if you have a Windows system with
> Internet Explorer and .NET installed at your disposal, try just plain left
> clicking on the link for mode13.exe in the following directory listing:
It has some relations to IE but it is a feature of .NET Framework. You are
right it may be very annoying when you are not able to execute an exe
because it requires full trust but in fact it is for you security.:)
The infrastructure itself is provided by .NET Framework because you can
specify code access security based on the origin of the code as well.
Internet Exploer interacts with .NET Framework because it has to tell the
runtime the origin of the code. Actually it is executed from the browser
cache (Temporary Internet Files) but the runtime knows the actual CodeBase
URL of the assembly and it can apply the appropriate security rules
according to your configuration files that can be changed if you want to
grant full trust to all of the code that you are executing from other
machines.
And because the runtime knows the CodeBase of the assembly it can download
all of it's dependent assemblies as well.
So this is a feature of runtime in fact but integrates with Internet
Explorer. And there will be no question whether you want to execute the code
because it is safe to execute as it has no full trust. I think this is good.
Of course this causes exceptions when the code requires full trust. In this
case you have the ability to right click the file and save it to your hard
drive. Windows XP SP2 the will as you for permission to execute it because
it comes from an other computer (you can disable this warning) and will
execute it using full trust (if you did not change the default security
policy of .NET). But you have to download all of it's dependencies because
CodeBase will be your hard drive in this case.
Click Once is a feature of .NET Framework 2.0 that is a built-in installer
and lets you to download the application to your computer.
Now I think you can see that neither of these technologies are depending on
CAS but can save you against malicious code by setting CodeBase to an URL on
a remote computer. In case of "No Touch" this is applied to the application
and in case of "Click Once" this is applied to the installer.
Kornél
More information about the Mono-list
mailing list