> One of the worst case scenarios would be for someone to ship a hacked > mscorlib then somehow run sn.exe on the deployment machine to turn off > verification checking on mscorlib. There are 3 problems the bad guy has to > overcome: > > 1. getting the fake mscorlib onto the machine > 2. getting sn.exe onto the machine (it only ships with the sdk and not the > redist) > 3. running the application (sn.exe) under an admin account
#2 isn't really a problem - it's not like SN -Vr does much beyond setting a registry key. So all hacker X has to do is get that reg key set. Now to do this he still needs admin access... Jason You can read messages from the Advanced DOTNET archive, unsubscribe from Advanced DOTNET, or subscribe to other DevelopMentor lists at http://discuss.develop.com.