Executing Code in Partial Trust Environments

9 Comments »

When building your first .NET web service, you may be in for a rude awakening when you discover the concept of “partial trust.” Your previously bullet-proof code will suddenly fail in a flurry of exceptions thrown by seemingly innocuous commands such as reading files or accessing the Registry. This article provides a brief overview of Code Access Security and describes how to modify and test your code to work in a partial trust environment.
Read the rest of this entry »

SecureString: Safe from Forensics, but not Surveillance

5 Comments »

The SecureString class is new in the System.Security namespace with the .NET v2.0 upgrade. SecureString keeps sensitive data encrypted in memory so that it cannot be easily stolen. SecureString plugs a specific security hole but does not guard against all threats while securing information in applications.

Read the rest of this entry »