Why can't hard names be used in assemblies that are not signed?

To sign assembly A, you must make sure that all assemblies B, C, D that are used by A are signed, and then all assemblies that are used by B, C, D, etc. I don't understand what kind of security it is. I think this should prevent fakes, but assembly A is allowed to open any file, and it can be faked. The same goes for the external web server.

Also, it's too easy to sign the assembly with the .snk file that you publish, bypassing this requirement.

+5
3 answers

, B/C/D (), A ; . , B/C/D A.

+8

. , - , .

: GAC, , . GAC, ( ). , , GAC.

+2

, , , , . , , , , .

If strongly named objects did not work this way, the attack method would be to replace elements that are not signed with the rogue code that the attacker wants to execute. The error code would be executed in the trusted security context of the signed element.

+1
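An added example, not part of the original question or answers: a small C# audit that walks the reference graph of an assembly and reports every reachable reference without a public key token, which is the kind of unsigned link the last answer describes. The class and method names are hypothetical; the reflection calls are standard `System.Reflection` APIs.

```csharp
using System;
using System.Collections.Generic;
using System.Reflection;

// Hypothetical audit helper (names are illustrative, not from the page).
static class StrongNameReferenceAudit
{
    // A reference is strong-named when its AssemblyName carries a public key token.
    static bool HasPublicKeyToken(AssemblyName name)
    {
        byte[] token = name.GetPublicKeyToken();
        return token != null && token.Length > 0;
    }

    // Walks the reference graph from 'root' and collects every reachable
    // reference that has no public key token, as "referrer -> reference".
    public static List<string> FindUnsignedReferences(Assembly root)
    {
        var unsigned = new List<string>();
        var seen = new HashSet<string>(StringComparer.OrdinalIgnoreCase) { root.FullName };
        var pending = new Queue<Assembly>();
        pending.Enqueue(root);

        while (pending.Count > 0)
        {
            Assembly current = pending.Dequeue();
            foreach (AssemblyName reference in current.GetReferencedAssemblies())
            {
                if (!seen.Add(reference.FullName)) continue;   // already visited
                if (!HasPublicKeyToken(reference))
                    unsigned.Add(current.GetName().Name + " -> " + reference.FullName);
                try { pending.Enqueue(Assembly.Load(reference)); }
                catch (Exception ex) when (ex is System.IO.IOException || ex is BadImageFormatException)
                {
                    // Missing or unreadable dependency: report it and keep walking.
                    Console.Error.WriteLine("could not load " + reference.FullName + ": " + ex.Message);
                }
            }
        }
        return unsigned;
    }

    static int Main(string[] args)
    {
        // With no argument, audit this program itself.
        Assembly root = args.Length > 0 ? Assembly.LoadFrom(args[0]) : Assembly.GetExecutingAssembly();
        List<string> unsigned = FindUnsignedReferences(root);
        foreach (string edge in unsigned) Console.WriteLine("UNSIGNED: " + edge);
        return unsigned.Count == 0 ? 0 : 1;
    }
}
```

A public key token only shows that the reference is bound to a signed identity; this check does not itself verify any assembly's signature.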