tags:

views:

125

answers:

1
Q: 

What is the purpose of the PermissionSet attribute in the MSDN FileSystemWatcher class example?

On the MSDN FileSystemWatcher Class page, it includes an example with the following class attribute:

 [PermissionSet(SecurityAction.Demand, Name="FullTrust")]

What is the purpose of this? When should it be included or not included?

The FileSystemWatcher Class help page is here: http://msdn.microsoft.com/en-us/library/system.io.filesystemwatcher.aspx

+2  A: 

The FileSystemWatcher class has a link demand for unrestricted CAS permissions. This means that it will verify that its direct caller (i.e.: your code if you're consuming the class directly) has unrestricted permissions.

Unfortunately, use of a link demands opens up potential security holes since the permissions of indirect callers (i.e.: code that calls your code) are not verified by a link demand. This means that an indirect caller with restricted permissions may be able to manipulate your highly trusted code into doing something nefarious on its behalf that it would otherwise not have had the permissions to accomplish.

One of the ways to prevent an attack of this sort is to apply a full demand for the same permission to any code that that consumes a type or member with a link demand. This will ensure that any indirect callers will be subjected to the same permission demand, thereby ensuring that they cannot do anything via your code that they would not have been able to do on their own. Application of a fully demand of this type is what is being shown in the MSDN sample code for the FileSystemWatcher.

Nicole Calinoiu  2010-05-26 16:32:27
I don't think I understand it well enough yet. The example runs fine without the 'PermissionSet...' line. How does it help the code to have it in? Also what does 'FullTrust' mean? Admin privlidges on the machine or just full access to the file/directory in question?
Jeff  2010-05-26 17:17:05
The attribute does not help your code run. Instead, it helps prevent it from running when it should not."FullTrust" refers to unrestricted Code Access Security permissions. This has nothing to do with the permissions granted to the user's account. Code Access Security is an additional security layer provided by .NET that allows one to control permissions granted to running code. For an introduction, see http://msdn.microsoft.com/en-us/library/930b76w0(VS.71).aspx.
Nicole Calinoiu  2010-05-27 13:16:05

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?