Current Microsoft Info about CAS and Full Trust
Following this comment in What are the 'Real World' security advantages of the .Net Framework and the JVM? "... We are still talking about the basics! Microsoft is yet still to publicly acknowledge that is a MASSIVE PROBLEM the fact that 99% of .Net applications are designed for, and executed in Full Trust!.."
Here is what is currently publicly published from MS about Full Trust and Partial Trust (and its dangers):
- Chapter 9 – Using Code Access Security with ASP.NET
- Secure Coding Guidelines for the .NET Framework
- How To: Use Medium Trust in ASP.NET 2.0
- How To: Use Code Access Security in ASP.NET 2.0
See also A Treasure Trove of .NET 2.0 Security Guidance & Documentation from the ThreatsAndCountermeasures Website and the .Net Framework Blog (by Shawn Farkas) and the patterns & practices Security Wiki.
Until this issue is on https://www.microsoft.com/security, I still stand by my original quote.
Originally Posted on 11/3/2005