问题描述
谁能解释一下 SecurityAction 枚举值的含义和用途?
Can anyone explain the meaning of and purposes of the values for the SecurityAction enum?
MSDN 页面不是很清楚.它说 LinkDemand 在即时编译时发生,而 Demand 在运行时发生.
The MSDN page is not terribly clear. It says LinkDemand occurs at just-in-time compilation whereas Demand occurs at runtime.
为什么会有区别?在什么情况下我会使用 LinkDemand 而不是 Demand?
Why the distinction and in what situations would I use LinkDemand as opposed to Demand?
同样,其他有趣的值(如 InheritenceDemand、Assert 和 PermitOnly)的用例是什么.
Likewise, what are the use cases of the other interesting values like InheritenceDemand, Assert and PermitOnly.
推荐答案
LinkDemand 基本上要求调用代码具有指定的权限.另一方面,Demand 不仅要求调用代码具有指定的权限,还要求调用调用代码的代码和调用它的代码,等等,一直向上(或直到找到断言;见下文).
LinkDemand basically requires the calling code to have the specified permission. Demand, on the other hand, requires not only the calling code to have the specified permission, but also the code that called the calling code, and the code that called that, and so on, all the way up the stack (or until an Assert is found; see below).
LinkDemand 可以在 JIT 编译时强制执行,因为如果 JIT 编译器命中调用带有 LinkDemand 的方法的语句,它可以立即确定调用代码是否具有权限.每次对方法进行调用时,都必须在运行时强制执行需求,因为在编译时不可能知道任何给定调用期间堆栈中的内容.因此,LinkDemand 效率更高.然而,这种效率的代价是安全性较低.使用 LinkDemand,您相信调用代码不会让 ITS 调用代码(可能有也可能没有权限)将其用于恶意目的.(换句话说,您相信调用代码中没有安全漏洞,调用者可以利用这些漏洞间接访问 LinkDemand 的方法.)通过 Demand,您知道堆栈上的每个人都绝对拥有权限(在至少直到找到断言为止),因此不存在来自不受信任的调用者的风险.
LinkDemand can be enforced at JIT compile time, because if the JIT compiler hits a statement that calls a method with a LinkDemand, it can determine immediately if the calling code has the permission or not. Demand has to be enforced at runtime every time a call is made to the method, because it is not possible at compile time to know what will be on the stack during any given call. As such, LinkDemand is much more efficient. However, the tradeoff for that efficiency is less security. With LinkDemand, you are trusting that the calling code is not going to let ITS calling code (which may or may not have the permission) use it for nefarious purposes. (In other words, you are trusting that there are no security holes in the calling code that its callers can exploit to gain access indirectly to the method with the LinkDemand.) With Demand, you know that everybody on the stack absolutely has permission (at least up until an Assert is found), so there is no risk from untrusted callers.
Assert 基本上是 Demand 的短路.如果堆栈上的调用方具有活动的 Assert(换句话说,只有堆栈中直到 Assert 的调用方必须具有权限),则随 Demand 发生的安全检查将停止.因此,与 LinkDemand 一样,您必须相信带有 Assert 的代码不会被其调用者利用.
Assert is basically a short-circuit for Demand. The security checking that happens with Demand stops if a caller on the stack has an active Assert (in other words, only the callers in the stack up to the Assert have to have the permission). So, like LinkDemand, you have to trust that the code with the Assert cannot be exploited by its callers.
Deny 也是 Demand 的短路,但它不是断言权限,而是取消调用者可能拥有的权限.您可以使用它来帮助防止可能存在的安全漏洞,方法是确保在可能可被利用的通话期间没有有效的无关权限.
Deny is also a short-circuit for Demand, but instead of asserting a permission it cancels out a permission that a caller might have. You would use this to help prevent possible security holes by ensuring that no extraneous permissions are in effect during a call that might be exploitable.
PermitOnly 与 Deny 类似,不同之处在于它不是拒绝特定权限,而是拒绝除指定权限之外的所有权限.
PermitOnly is like Deny, except instead of denying a specific permission it denies every permission EXCEPT the one specified.
InheritanceDemand 与其他方法不同,它与方法调用没有直接关系,但表示没有权限的类不能从具有 InheritanceDemand 的类继承.例如,这可用于阻止不受信任的代码访问类的受保护成员,否则后代类可以访问这些成员.
InheritanceDemand, unlike the others, is not directly related to method calls, but says that a class that does not have the permission cannot inherit from the class with the InheritanceDemand. This could be used, for instance, to stop untrusted code from gaining access to protected members of the class that would otherwise be accessible to descendant classes.
这篇关于理解.NET的“SecurityAction"权限参数的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!