Hacking the Code: ASP.NET Web Application Security

Frequently Asked Questions

The following Frequently Asked Questions, answered by the authors of this book, are designed to both measure your understanding of the concepts presented in this chapter and to assist you with real-life implementation of these concepts. To have your questions about this chapter answered by the author, browse to www.syngress.com/solutions and click on the Ask the Author form. You will also gain access to thousands of other FAQs at ITFAQnet.com.

1.

I want to prevent an overload of security stack walk. How can I control this?

2.

When should I use the imperative syntax, and when should I use the declarative?

3.

How should I go about building a code group hierarchy?

Answers

1.

This can indeed become a major concern if it turns out that the code accesses a significant number of protected resources and/or operations, especially if they happen in a long calling chain. The only way to prevent this from happening is to put in a SecurityAction.Assert just before a protected resource or operation is called. This implies that you need a thorough understanding of when a stack walk or demand is triggered and on what permission this stack walk will be performed. By just placing an Assert, you create an uncontrolled security hole. What you can do is the following, which can be applied in the situation in which you make a call to a protected resource, but do this from within a loop structure. You can also use it in a situation in which...

UNLIMITED FREE
ACCESS
TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Category: Protocol Stack Software
Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.