Talk:Code Access Security

Comment
Could someone please clarify that CAS / CLR is not a sandbox due to the verifier being incomplete / inexact by design? And that the class-library is not reference-safe? The last change was reverted due to lack of clear examples.

Or could someone post any reference to Microsoft claiming that .NET/CLR would be a sandbox at all? Until then, one should at least remove that claim.


 * Here you go: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnlong/html/wpfsecuritysandbox.asp
 * Microsoft has noted that the CLR verifier sometimes rejects safe code as unsafe but I haven't seen any documented claim that it accepts unsafe code as safe.
 * Leotohill 01:58, 4 November 2006 (UTC)

Strong names vs. Signatures
Strong names as evidence are not the same thing as X.509 certificate signatures---strong names can be generated from self-created private keys, for instance. See http://msdn2.microsoft.com/en-us/magazine/cc163583.aspx for an example of the difference. Certificates and signatures are a much more involved (and effective) security measure; the entry should probably distinguish them. —Preceding unsigned comment added by 71.168.99.81 (talk) 16:18, 14 April 2008 (UTC)

Obsolete technology?
I think CAS has been obsolete for some time now. See the comments on Microsoft's page here: "CAS is not supported in .NET Core, .NET 5, or later versions. CAS is not supported by versions of C# later than 7.0" -- plus other warnings about not using it. Equinox ◑ 20:04, 24 April 2021 (UTC)