Ok, I've read every question on here about strong named assemblies and just want to clarify something.

First though, from what I've read, GAC aside, strong named assemblies prevent a malicious 3rd party changing and impersonating your code. It'd be great to have some links to some real world examples of this kind of spoofing that happened pre strong named assemblies.

If security or the GAC are not a concern, it seems that it's still advisable to strong name assemblies because:

(A) Clients who have strong named assemblies can only reference your assemblies if they are signed.

(B) Clients who do not have strong named assemblies can reference your assembly whether it's signed or not.

Is that a fair analysis?

+1  A: 

Warning

Strong name does not prevent assemblies from being tampered with. You can manipulate a signed assembly and re-sign it with a new strong name.

However, like any public key signature system, you need the private key to sign the tampered version without changing its strong name.

Consequently, strong name is not a secure method to make sure someone can't change your code or circumvent your licensing mechanism or anything like that.

Related post: Can strong naming an assembly be used to verify the assembly author?


Yes, strong named assemblies can only reference strong named assemblies. Assemblies without strong name can reference all assemblies.

Mehrdad Afshari
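
The answer's point that re-signing requires a different key unless the private key is available can be checked through the public key token, which is the last 8 bytes of the SHA-1 hash of the public key, reversed. The following is an added example, not code from the question or the answer; `StrongNamePin`, `TokenOf` and `MatchesPin` are hypothetical names, the runtime's own core library is used as the strong-named sample, and the "re-signed" key is a constructed byte blob.

```csharp
using System;
using System.Linq;
using System.Reflection;
using System.Security.Cryptography;

static class StrongNamePin
{
    // Public key token: last 8 bytes of SHA-1(public key blob), reversed.
    public static string TokenOf(byte[] publicKey)
    {
        using (SHA1 sha1 = SHA1.Create())
        {
            byte[] hash = sha1.ComputeHash(publicKey);
            byte[] token = hash.Skip(hash.Length - 8).Reverse().ToArray();
            return BitConverter.ToString(token).Replace("-", "").ToLowerInvariant();
        }
    }

    // True only when the name carries a public key whose token equals the
    // pinned one. This compares identity only; it does not validate the
    // signature over the file contents.
    public static bool MatchesPin(AssemblyName name, string pinnedToken)
    {
        byte[] key = name.GetPublicKey();
        if (key == null || key.Length == 0) return false; // not strong-named
        return string.Equals(TokenOf(key), pinnedToken, StringComparison.OrdinalIgnoreCase);
    }

    static void Main()
    {
        // Sample input: the core library of whatever runtime executes this.
        AssemblyName original = typeof(object).Assembly.GetName();
        string pin = TokenOf(original.GetPublicKey());
        Console.WriteLine("pinned token: " + pin);
        Console.WriteLine("original matches pin: " + MatchesPin(original, pin));

        // Constructed stand-in for a copy re-signed with another key:
        // same simple name and version, different public key blob.
        byte[] otherKey = (byte[])original.GetPublicKey().Clone();
        otherKey[otherKey.Length - 1] ^= 0xFF;
        AssemblyName resigned = new AssemblyName { Name = original.Name, Version = original.Version };
        resigned.SetPublicKey(otherKey);
        Console.WriteLine("re-signed copy token: " + TokenOf(otherKey));
        Console.WriteLine("re-signed copy matches pin: " + MatchesPin(resigned, pin));
    }
}
```

A deployment check that pins the publisher's token this way notices a copy signed with any other key, but it says nothing about who holds the private key for the pinned token.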