Chak wrote: > What i mean is how can we avoid a 'rogue' component > calling a genuine component, or the other way round.
In *theory*, this is possible. In order to prevent "unauthorized" code from calling code in your assembly, you can apply a StrongNameIdentityPermissionAttribute and use SecurityAction.LinkDemand. In order to prevent your code from calling unknown code, you simply compile your code against a strongly-named assembly. That having been said, there are easy ways around these. It takes about two minutes to round trip a couple of assemblies through ILDASM and ILASM. You simply disassemble an assembly using ILDASM, edit to remove the StrongNameIdentityPermission or change the public key token of a ref'd assembly and reassemble using ILASM. The new assemblies won't be loadable by unmodified code that ref's them using the old strong name, but that's easy to overcome simply by continuing to round trip assemblies until everything works. This really isn't a new problem with .NET, though. You had the same issue with unmanaged binaries. Once you distribute a binary, anyone can use the code. (or reverse engineer it, or modify it, or...) -- Steve Johnson =================================== This list is hosted by DevelopMentor� http://www.develop.com Some .NET courses you may be interested in: NEW! Guerrilla ASP.NET, 17 May 2004, in Los Angeles http://www.develop.com/courses/gaspdotnetls View archives and manage your subscription(s) at http://discuss.develop.com
