Re: [SC-L] Unclassified NSA document on .NET 2.0 Framework Security

2008-11-24 Thread Dinis Cruz
So does this mean that the NSA is recommending .NET applications to be develop so that they can be executed in partially trusted environments? (i.e. not in full trust?) Last time I check just about everybody was developing Full Trust .NET applications (did this change in the last year?) Don't

Re: [SC-L] Unclassified NSA document on .NET 2.0 Framework Security

2008-11-24 Thread Mike Lyman
Dinis Cruz wrote: Don't get me wrong, this is a great document if one is interested in writing applications that use CAS (Code Access Security), I would love for this to be widely used. When we recommended recommending CAS during a review of the U.S. Defense Information System Agency's new