[Mono-list] ClickOnce?

Wed Jun 8 10:49:07 EDT 2005

> Now I think you can see that neither of these technologies are depending on
> CAS but can save you against malicious code by setting CodeBase to an URL on
> a remote computer. In case of "No Touch" this is applied to the application
> and in case of "Click Once" this is applied to the installer.

Neither of these technologies depend on CAS, but, if I understand
correctly they were created in the first place for reasons to do with
CAS - in fact, to get round security limitations that CAS imposes.

Surely there is not much merit in having this technology until CAS
support is fully mature as it is designed to be a helper to run the
app with full trust?

Martin

On 6/8/05, Kornél Pál <kornelpal at hotmail.com> wrote:
> > Actually I'm pretty sure so-called NTD is mostly an Internet Explorer
> > feature, mostly disjoint from the runtime itself. It's actually somewhat
> > annoying when you're trying to distribute a .NET executable that cannot be
> > run without full trust. For instance, if you have a Windows system with
> > Internet Explorer and .NET installed at your disposal, try just plain left
> > clicking on the link for mode13.exe in the following directory listing:
> 
> It has some relations to IE but it is a feature of .NET Framework. You are
> right it may be very annoying when you are not able to execute an exe
> because it requires full trust but in fact it is for you security.:)
> 
> The infrastructure itself is provided by .NET Framework because you can
> specify code access security based on the origin of the code as well.
> Internet Exploer interacts with .NET Framework because it has to tell the
> runtime the origin of the code. Actually it is executed from the browser
> cache (Temporary Internet Files) but the runtime knows the actual CodeBase
> URL of the assembly and it can apply the appropriate security rules
> according to your configuration files that can be changed if you want to
> grant full trust to all of the code that you are executing from other
> machines.
> 
> And because the runtime knows the CodeBase of the assembly it can download
> all of it's dependent assemblies as well.
> 
> So this is a feature of runtime in fact but integrates with Internet
> Explorer. And there will be no question whether you want to execute the code
> because it is safe to execute as it has no full trust. I think this is good.
> Of course this causes exceptions when the code requires full trust. In this
> case you have the ability to right click the file and save it to your hard
> drive. Windows XP SP2 the will as you for permission to execute it because
> it comes from an other computer (you can disable this warning) and will
> execute it using full trust (if you did not change the default security
> policy of .NET). But you have to download all of it's dependencies because
> CodeBase will be your hard drive in this case.
> 
> Click Once is a feature of .NET Framework 2.0 that is a built-in installer
> and lets you to download the application to your computer.
> 
> Now I think you can see that neither of these technologies are depending on
> CAS but can save you against malicious code by setting CodeBase to an URL on
> a remote computer. In case of "No Touch" this is applied to the application
> and in case of "Click Once" this is applied to the installer.
> 
> Kornél
> 
> _______________________________________________
> Mono-list maillist  -  Mono-list at lists.ximian.com
> http://lists.ximian.com/mailman/listinfo/mono-list
>