On Wed, Jan 29, 2014 at 1:21 AM, Uwe Seibt <[email protected]> wrote: > > Dear sirs, > > how is it possible to pass the APTCA Check test? Our Application is using .NET Framework 2.0 and .NET Framework 3.5
I doubt you'll get a lot of feedback on this, as this is the "SQLite mailing list" not the "Windows .NET Application Certification mailing list", but I did befriend Google long enough to find the page at http://msdn.microsoft.com/en-us/library/windows/apps/hh920280.aspx#binscope_1which says: > *AllowPartiallyTrustedCallersAttribute* > *Windows App Certification Kit error message*: APTCACheck Test failed > The AllowPartiallyTrustedCallersAttribute (APTCA) attribute enables access to fully trusted code from partially trusted code in signed assemblies. When you apply the APTCA attribute to an assembly, partially trusted callers can access that assembly for the life of the assembly, which can compromise security. > *What to do if your app fails this test* > Don't use the APTCA attribute on strong named assemblies unless your project requires it and the risks are well understood. In cases where it's required, make sure that all APIs are protected with appropriate code access security demands. APTCA has no effect when the assembly is a part of a Windows Store app. > *Remarks* > This test is performed only on managed code (C#, .NET, etc.). I suspect (though I don't know because you did not say) that you received extra information in your report that indicated that the SQLite .NET assembly allows partially trusted callers. If that is the case, there are three possibilities: One, convince the maintainers to change it (which seems unlikely since it is probably necessary, but I'll let them decide that); Two, grab the project source and rebuild it yourself with whatever options and configuration you need; Three, take special note of the part under "what to do" that says to not use that attribute on strong named assemblies "unless your project requires it and the risks are well understood. In cases where it's required, make sure that all APIs are protected with appropriate code access security demands." My reading of this seems to indicate that this message is *not* a show stopper for becoming Windows certified. Given the nature of SQLite, designed to embed the ability to access SQL databases, it seems to me that it is doing exactly what it needs to do (especially given that the .NET assembly DLL is actually a hybrid interface [if I understand correctly] that gives both the C# and C level APIs in a single DLL). _______________________________________________ sqlite-users mailing list [email protected] http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
