Code Access Security - Evidence

Evidence

Evidence can be any information associated with an assembly. The default types of evidence used by .NET code access security are:

  • Application directory - The directory in which an assembly resides.
  • Publisher - The assembly's publisher's digital signature (requires the assembly to be signed via Authenticode).
  • URL - The complete URL from which the assembly was launched.
  • Site - The hostname of the URL/Remote Domain/VPN.
  • Zone - The security zone in which the assembly resides.
  • Hash - A cryptographic hash of the assembly, which identifies a specific version.
  • Strong Name - A combination of the assembly name, version and public key of the signing key used to sign the assembly. The signing key is not an X509 certificate, but a custom key pair generated by the strong naming tool, SN.EXE, or by Visual Studio.

A developer can use custom evidence (so-called assembly evidence), but this requires writing a security assembly, and in version 1.1 of .NET this facility does not work.

Evidence based on a hash of the assembly is easily obtained in code. For example, in C# the evidence for the current assembly may be obtained with the following expression:

this.GetType().Assembly.Evidence
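
As an added illustration (not part of the original article), the following C# program lists the evidence the runtime attached to its own assembly, separating host-supplied evidence from assembly-supplied (custom) evidence. It assumes the .NET Framework 2.0 or later; the class name `EvidenceDump` is hypothetical.

```csharp
using System;
using System.Collections;
using System.Security.Policy;

// Hypothetical helper class, written for this example.
static class EvidenceDump
{
    // Turn one evidence object into a readable line.
    // Types not listed on the page fall back to their type name.
    static string Describe(object ev)
    {
        if (ev is Zone) return "Zone: " + ((Zone)ev).SecurityZone;
        if (ev is Url) return "URL: " + ((Url)ev).Value;
        if (ev is Site) return "Site: " + ((Site)ev).Name;
        if (ev is ApplicationDirectory)
            return "Application directory: " + ((ApplicationDirectory)ev).Directory;
        if (ev is StrongName)
        {
            StrongName sn = (StrongName)ev;
            return "Strong name: " + sn.Name + ", version " + sn.Version
                 + ", public key " + sn.PublicKey;
        }
        if (ev is Publisher) return "Publisher: " + ((Publisher)ev).Certificate.Subject;
        if (ev is Hash) return "Hash (SHA-1): " + BitConverter.ToString(((Hash)ev).SHA1);
        return "Other: " + ev.GetType().FullName;
    }

    static void Main()
    {
        // Same property as in the expression above, reached from a static context.
        Evidence evidence = typeof(EvidenceDump).Assembly.Evidence;

        Console.WriteLine("Host evidence:");
        IEnumerator host = evidence.GetHostEnumerator();
        while (host.MoveNext()) Console.WriteLine("  " + Describe(host.Current));

        Console.WriteLine("Assembly evidence:");
        IEnumerator asm = evidence.GetAssemblyEnumerator();
        while (asm.MoveNext()) Console.WriteLine("  " + Describe(asm.Current));
    }
}
```

Which entries appear depends on how the assembly was loaded and signed: Publisher evidence is present only for Authenticode-signed assemblies, and Strong Name evidence only for strong-named ones.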
