.NET Framework: Difference between revisions

Content deleted Content added
PyetroPy (talk | contribs)
Portability: Improved definition
Tags: Mobile edit Mobile web edit
PyetroPy (talk | contribs)
Security: Clarified concept
Tags: Mobile edit Mobile web edit
Line 106:
 
===Security===
.NET Framework has its own security mechanism with two general features: [[Code Access Security]] (CAS), and validation and verification. CAS is based on evidence that is associated with a specific assembly. Typically the evidence is the source of the assembly (whether it is installed on the local machine or has been downloaded from the Internet). CAS uses evidence to determine the permissions granted to the code. OtherCalling codescode can demand that calling codeit be granted a specifiedspecific permission. The demand causes CLR to perform a call stack walk: every assembly of each method in the call stack is checked for the required permission; if any assembly is not granted the permission a security exception is thrown.
 
[[Managed code|Managed]] [[Common Intermediate Language|CIL]] bytecode is easier to [[reverse engineering#Reverse engineering of software|reverse-engineer]] than native code, unless [[obfuscated code|obfuscated]].<ref>Gartner, Inc. as reported in "Hype Cycle for Cyberthreats, 2006", September 2006, Neil MacDonald; Amrit Williams, et al.</ref> {{Not a typo|.NET}} [[decompiler]] programs enable developers with no reverse-engineering skills to view the source code behind unobfuscated .NET assemblies. In contrast, apps compiled to native machine code are much harder to reverse-engineer, and source code is almost never produced successfully, mainly because of compiler optimizations and lack of [[reflection (computer programming)|reflection]].<ref>{{cite thesis|last1=Cifuentes|first1=Cristina|title=Reverse Compilation Techniques|chapter-url=http://www.labri.fr/perso/fleury/download/papers/binary_analysis/cifuentes-thesis.pdf|publisher=[[Queensland University of Technology]]|date=July 1994|chapter=6: Control Flow Analysis|url-status=dead|archive-url=https://web.archive.org/web/20161122154356/http://www.labri.fr/perso/fleury/download/papers/binary_analysis/cifuentes-thesis.pdf|archive-date=November 22, 2016|df=dmy-all}}</ref> This creates concerns in the business community over the possible loss of [[trade secret]]s and the bypassing of license control mechanisms. To mitigate this, Microsoft has included [[Dotfuscator]] Community Edition with [[Visual Studio .NET]] since 2002.{{efn|Dotfuscator Community Edition 4.0}} Third-party obfuscation tools are also available from vendors such as [[VMware]], V.i. Labs, [[Turbo (software)|Turbo]], and [[Red Gate Software]]. Method-level encryption tools for .NET code are available from vendors such as [[SafeNet]].
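
Review bot: in the Security paragraph, the reworded sentence about demands changes who is checked, not only the wording. Reading the merged old and new words ("Other" / "Calling", "calling code" / "it", "specified" / "specific"), the new text appears to say "Calling code can demand that it be granted a specific permission", which has code demanding a permission for itself. The following sentence, left unchanged, describes the demand as a call stack walk in which every assembly of each method in the call stack is checked, so the subject of the check is the callers of the code that issues the demand. Suggest keeping "calling code" as the object of the demand and limiting the change to "specified" → "specific" if that was the intended clarification. The edit summary "Clarified concept" should also say that the subject of the sentence was changed.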