such as Man in the Middle and
Assembly replacement.
Just my two cents.
Jonathan L. Wiggs
Software Engineering Manager
Envision Telephony Inc.
Office: 206.225.0800, ext. 236
Cell: 206.387.7860
[EMAIL PROTECTED]
www.envisioninc.com
-Original Message-
From: GlennDoten
Nick, back to a solution to this quandary. I may have proposed this
already but I'm not sure.
Assumption: only the official owner of log4net should be able to
sign the log4net.dll assembly with the official public/private key
pair.
Why this assumption? Otherwise, anyone could sign the assembly
Nick, I think maybe your own choice is to license the private key.
Write something up that says if you sign any log4net-owned assembly
using the official log4net private key and your code is malicious then
you are in trouble. Or something like that.
Here's the problem with an unsigned assembly.
Not true, Tom. Just because an assembly is signed does not mean it
must be in the GAC to be used by ASPX. We run non-GACed, signed
assemblies with ASPX in production all the time.
FYI
On 6/21/06, Whitner, Tom [EMAIL PROTECTED] wrote:
We are facing a similar question with some internal code.
Just to clarify: there seems to be a misconception about signed
assemblies. A signed assembly runs just fine outside of the GAC, just
as if it were a non-signed assembly.
On 6/21/06, Niall Daley [EMAIL PROTECTED] wrote:
It seems we have several divergent requirements for signing; we need a
On 2/16/06, josh robb [EMAIL PROTECTED] wrote:
Conceptually - this is what I'm proposing:if(isWeb and HttpContent.Current != null){ // store context in HttpContext.Current.Items} else { // sore it in CallContext.}
Josh, why bother with a flag called isWeb? If HttpContext.Current is
not null then