发表新帖
发表新帖

.NET Assembly Plugin Security

后端 未结
关注
6 949
梦谈多话
梦谈多话 2020-12-08 12:17

I have used the following code in a number of applications to load .DLL assemblies that expose plugins.

However, I previously was always concerned with functionality

6条回答
  • 甜味超标
    甜味超标 (楼主)
    2020-12-08 12:30

    1. If you are concerned with the security of your assemblies, you should Strongly Name them. This provides a high level of security that the assembly is indeed the one you intend for it to be.

    2. Exceptions you might encounter during load are as follows. Add try/catch around your load attempt at Assembly.Load() and react according to the error type:

      • ArgumentNullException
      • FileLoadException
      • FileNotFoundException
      • BadImageFormatException

    3. Assemblies you load dynamically should have the same rights as the user account which loaded them unless this assembly is in the GAC. Create a service account with the rights you desire, and run your application using this account to control access.

    0 讨论(0)
 看不清?
提交回复
热议问题