On Mon, 22 Apr 2002 15:11:07 -0400, Brian G. Vallelunga <[EMAIL PROTECTED]> wrote:
>Curious.... say that each method checked a class-wide global variable to >see if it could run. Now, this global variable would be set to true, if >the user had successfully authenticated himself. > >Even with ILDasm, there wouldn't be anyway to change the value of the >variable at all, as long as the assembly was signed with a strong name >key, correct? Would this provide enough protection? I'm sure the other >ways mentioned are better, but I'm just curious if this would work, or >is it still "hackable" by changing the MSIL? It's hackable via the Reflection libraries. See [1] for an example of this. To prevent callers from being able to modify your privates, you need to add the following: [assembly: ReflectionPermission(SecurityAction.RequestRefuse, Flags = ReflectionPermissionFlag.MemberAccess)] If someone tried to access that private member, they would get a FieldAccessException. Regards, Jason [1] http://staff.develop.com/woodring/dotnet/#DynoIndexer You can read messages from the DOTNET archive, unsubscribe from DOTNET, or subscribe to other DevelopMentor lists at http://discuss.develop.com.
