IDesign C# Coding Standard (Part 10)
2024-07-21 02:18:56
Contributed by: a site user
4.6 Security
1. Always demand your own strong name on assemblies and components that are private to the application, but are public (so that only you use them).
using System.Security.Permissions;

public class PublicKeys
{
    public const string MyCompany = "55555555588888888ddddddddd";
}

// Only callers signed with the MyCompany key can link against this class.
[StrongNameIdentityPermission(SecurityAction.LinkDemand, PublicKey = PublicKeys.MyCompany)]
public class MyClass
{}
2. Apply encryption and security protection on application configuration files.
3. When importing an interop method, assert unmanaged code permission, and demand appropriate permission instead.
using System;
using System.Runtime.InteropServices;
using System.Security.Permissions;

[DllImport("user32", EntryPoint = "MessageBoxA")]
private static extern int Show(IntPtr handle, string text, string caption, int msgType);

// Assert unmanaged code access for the interop call, and demand UI permission from callers in its place.
[SecurityPermission(SecurityAction.Assert, UnmanagedCode = true)]
[UIPermission(SecurityAction.Demand, Window = UIPermissionWindow.SafeTopLevelWindows)]
public static void Show(string text, string caption)
{
    Show(IntPtr.Zero, text, caption, 0);
}
4. Do not suppress unmanaged code access via the SuppressUnmanagedCodeSecurity attribute.
5. Do not use the /unsafe switch of TlbImp.exe. Wrap the CCW in managed code so that you can assert and demand permissions declaratively on the wrapper.
6. On server machines, deploy a code access security policy that grants only Microsoft, ECMA and self (identified by strong name) full trust.
a) All other code is implicitly granted nothing.
7. On client machines, deploy a security policy which grants the client application only the permissions to call back the server and to potentially display a user interface.
a) Client application identified by strong name.
8. Always refuse at the assembly level all permissions not required to perform the task at hand.
a) To counter a luring attack.
[assembly: UIPermission(SecurityAction.RequestRefuse, Window = UIPermissionWindow.AllWindows)]
9. Always set the principal policy in every Main() method to Windows.
using System;
using System.Security.Principal;
using System.Threading;

public class MyClass
{
    static void Main()
    {
        // Attach the caller's Windows identity to threads in this app domain.
        AppDomain currentDomain = Thread.GetDomain();
        currentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
    }
    //other methods
}
10. Never assert a permission without demanding a different permission in its place. See Chapter 12 in Programming .NET Components.
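
Rule 2 is the only code-related rule above without a listing. The following added example (not part of the IDesign standard or of the original post) shows one way to apply it on the .NET Framework: encrypting the connectionStrings section of a configuration file with the built-in DPAPI protected-configuration provider. The file name, connection string and password are constructed sample values.

```csharp
using System;
using System.Configuration;
using System.IO;

static class ConfigProtectionDemo
{
    // Constructed sample configuration; server, database and password are made up.
    const string SampleConfig =
        "<?xml version=\"1.0\"?>\n<configuration>\n  <connectionStrings>\n" +
        "    <add name=\"Orders\" connectionString=\"Server=db01;Database=Orders;" +
        "User Id=app;Password=Constructed-Secret-1\" />\n" +
        "  </connectionStrings>\n</configuration>\n";

    // Opens an arbitrary config file instead of the running executable's own.
    static Configuration Open(string path)
    {
        var map = new ExeConfigurationFileMap { ExeConfigFilename = path };
        return ConfigurationManager.OpenMappedExeConfiguration(map, ConfigurationUserLevel.None);
    }

    // Encrypts the named section in place; returns false if it was already protected.
    static bool Protect(string path, string sectionName)
    {
        Configuration config = Open(path);
        ConfigurationSection section = config.GetSection(sectionName);
        if (section == null) throw new ArgumentException("No such section: " + sectionName);
        if (section.SectionInformation.IsProtected) return false;
        section.SectionInformation.ProtectSection("DataProtectionConfigurationProvider");
        section.SectionInformation.ForceSave = true;
        config.Save(ConfigurationSaveMode.Modified);
        return true;
    }

    static void Main()
    {
        string path = Path.Combine(Path.GetTempPath(), "configprotect-demo.config");
        File.WriteAllText(path, SampleConfig);
        try
        {
            Console.WriteLine("Protected now: " + Protect(path, "connectionStrings"));
            // The raw file should no longer contain the password in clear text.
            bool leaked = File.ReadAllText(path).Contains("Constructed-Secret-1");
            Console.WriteLine("Plaintext still on disk: " + leaked);
            // Reading through the configuration API decrypts transparently where DPAPI can unwrap the data.
            ConnectionStringSettings cs = Open(path).ConnectionStrings.ConnectionStrings["Orders"];
            Console.WriteLine("Readable via API: " + (cs != null));
        }
        finally { File.Delete(path); }
    }
}
```

The encryption protects the value at rest only; the file still needs restrictive ACLs, which is the "security protection" half of the rule.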