Udostępnij za pośrednictwem


Dangerous Permissions and Policy Administration

Several of the protected operations for which the .NET Framework provides permissions can potentially allow the security system to be circumvented. These dangerous permissions should be given only to trustworthy code, and then only as necessary. There is usually no defense against malicious code if it is granted these permissions.

Note

In the .NET Framework version 4, there have been important changes to the .NET Framework security model and terminology. For more information about these changes, see Security Changes in the .NET Framework 4.

The dangerous permissions are explained in the following table.

Permission

Potential risk

SecurityPermission

   

UnmanagedCode

Allows managed code to call into unmanaged code, which is often dangerous.

SkipVerification

Without verification, the code can do anything.

ControlEvidence

Invalidated evidence can fool security policy.

ControlPolicy

The ability to modify security policy can disable security.

SerializationFormatter

The use of serialization can circumvent accessibility mechanisms. For details, see Security and Serialization.

ControlPrincipal

The ability to set the current principal can trick role-based security.

ControlThread

Manipulation of threads is dangerous because of the security state associated with threads.

ReflectionPermission

   

MemberAccess

Can use private members to defeat accessibility mechanisms.

See Also

Other Resources

Secure Coding Guidelines