开发者

Why is it possible to load types in an unsigned assembly from a signed assembly using reflection?

I have two assemblies A and B. A is strong named and B is not.

According to MSDN I cannot reference B from A because a strong named assembly can only reference another strong named assembly.

But then why is it possible to load assembly B, instantiate its class and call their methods from assembly A using reflection?

// Inside assembly A
Assembly b = Assembly.LoadFrom("B");
obj开发者_如何转开发 myObj = b.CreateInstance("MyClass");

Doesn't this defeat the very purpose of not allowing to reference unsigned assemblies in a signed one?


Well, you have to understand that strong-named assemblies are designed to circumvent "DLL Hell" and allow "side-by-side versioning". AFAIK it is not designed for security.

Therefore, you're allowed to use reflection in a strong-named assembly to call methods and instantiate classes in unsigned assemblies. The framework assumes you know what you're doing because you're explicitly loading a file -- and you therefore should know which file you really want. In other words, you are telling the framework: "For this assembly, I want to manage my own versioning."

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜