开发者

C# - Security concerns with InternalsVisibleTo attribute

Are there any security concerns with using the InternalsVisibleTo attribute with strong-named assemblies? I understand that the assembly receiving information this way must have the private key to decrypt the messages, and that within the InternalsVisibleTo attribute you specify the public key in clear text. Would it be possible for someone to alter th开发者_JS百科e assembly dll and public key in the InternalsVisibleTo attribute to share internal functions to assemblies that weren't originally intended to be shared to?


It has nothing to do with encryption. And a strong name for an InternalsVisibleTo assembly is a hard requirement. All that it proves is that whomever created the assembly had access to the same secret as you did. The private key. With a very strong guarantee that whomever modifies the assembly or tries to create one that impersonates the assembly cannot provide the same proof. They can't get it signed the same way without having access to that private key.

This is sufficient to guarantee trust. Provided you guard the private key.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜