On Fri, 31 May 2002 09:43:12 +0100, Ian Griffiths <[EMAIL PROTECTED]> wrote:
>By default a strongly-named assembly can only be called by full-trusted >callers. I think this is intended as a 'secure by default' setting, because >it should reduce the chances of someone being able to use the luring attack >on such an assembly. Why are they equating strongly named with trusted or secure? A strong named assembly is simply one that can be uniquely referred to. In my case, the strongly named assembly is no more trusted than the referring assembly - they are both from a remote URL. It is exactly in this remote URL (particially trusted) context that you need strong names. There may already be an earlier version of the referenced assembly in the download assembly cache, so you need to give it a strong name to make sure any new versions are downloaded. >But if you want your strongly-named assembly to be callable by partially >trusted callers, just apply the AllowPartiallyTrustedCallersAttribute to >your assembly: > >[assembly:AllowPartiallyTrustedCallersAttribute] Thanks for work around. Cheers, Wayne. You can read messages from the DOTNET archive, unsubscribe from DOTNET, or subscribe to other DevelopMentor lists at http://discuss.develop.com.
