Please provide a signed assembly #40

Open
peter-villadsen opened this issue Sep 16, 2023 · 0 comments

I am not comfortable shipping assemblies that are not signed, since solutions using such assemblies are more prone to attacks.

From OpenAI:
Signing assemblies is a way to ensure the authenticity and integrity of an assembly. It allows you to verify that an assembly has not been tampered with and that it comes from a trusted source. Signing assemblies can also enable some features, such as putting them in the Global Assembly Cache (GAC) or using them in a strongly named application domain.

There are different ways to sign an assembly with a strong name, such as using Visual Studio, the Assembly Linker tool, or assembly attributes. You need a cryptographic key pair to sign an assembly, which can be generated by tools like sn.exe or Visual Studio.

Some of the benefits of signing assemblies are:

- You can prevent name spoofing attacks, where a malicious assembly tries to impersonate another assembly by using the same name and version.
- You can ensure that your application only loads the correct version of an assembly, and avoid loading an incompatible or outdated version.
- You can use code access security (CAS) policies to grant permissions to assemblies based on their strong names.
- You can use the GAC to share assemblies across applications and reduce disk space usage.

Some of the drawbacks of signing assemblies are:

- Signed assemblies can only reference other signed assemblies, which can limit your choice of third-party libraries or components.
- Signed assemblies are tied to a specific version of an assembly, which can cause problems when you want to update or patch an assembly without recompiling the application.
- Signing assemblies can introduce a slight performance overhead due to the verification of the signature.
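
As an added example (not part of the issue and not code from this project), a PowerShell check for the concern raised above: it lists which managed assemblies in a build output folder carry a strong-name public key and, optionally, whether the token matches the one you expect. `Get-StrongNameReport`, its parameters and the sample path are hypothetical names chosen for this example.

```powershell
# Added example. Get-StrongNameReport and its parameters are hypothetical names.
function Get-StrongNameReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Optional token to compare against; take it from a source you trust.
        [string] $ExpectedToken
    )

    Get-ChildItem -Path $Path -Recurse -File -Include *.dll, *.exe | ForEach-Object {
        $file = $_
        try {
            # Opens the file and reads its manifest; the assembly is not added
            # to the current domain.
            $name = [System.Reflection.AssemblyName]::GetAssemblyName($file.FullName)
        } catch [System.BadImageFormatException] {
            return  # native binary without an assembly manifest, skip it
        }

        # Empty or null token means the manifest carries no public key.
        $bytes = $name.GetPublicKeyToken()
        $token = if ($bytes -and $bytes.Length -gt 0) {
            -join ($bytes | ForEach-Object { $_.ToString('x2') })
        } else {
            $null
        }

        $status = if (-not $token) {
            'Unsigned'
        } elseif ($ExpectedToken -and $token -ne $ExpectedToken) {
            'TokenMismatch'
        } else {
            'PublicKeyPresent'
        }

        [pscustomobject]@{
            File           = $file.FullName
            Version        = $name.Version
            PublicKeyToken = $token
            Status         = $status
        }
    }
}

# Constructed usage: show everything in a build folder that needs attention.
# Get-StrongNameReport -Path .\bin\Release | Where-Object Status -ne 'PublicKeyPresent'
```

A public key token in the manifest does not prove the signature is valid (a delay-signed assembly has the key but no signature); `sn.exe -vf <assembly>` performs the actual strong-name verification.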
