Tuesday, December 12, 2006
« A way with words | Main | Code Generation in T-SQL »
Binary security for plugin architecture in .NET

This is something I have noticed in a lot of the samples around plugin architecture (for example).  The common theme is to reflect over the DLLs in an path and load the types that impement a certain interface.  Fair enough so far.  Once you have a collection of pointers to entry points you have plug-ins... but you also have an attack vector.

These examples need to flesh out the scenario of testing the plug-in for authenticity imho.

My gut feeling is I want an X.509 cert in there somewhere as a pre-shared secret, but I don't quite have the full picture in my head just yet, should that tie in with strong naming assemblies, or be seperate additional layer.  Suggestions welcome :-)

Geeking Out! | Secutity
Tuesday, December 12, 2006 8:24:19 AM (AUS Eastern Standard Time, UTC+10:00)  #    Disclaimer  |  Comments [0]  |  Related posts:
Visual Studio 2008 Professional vs. Standard edition. Just what are the differences? Is it Features?
The var keyword (C# 3.0) - Nothing at all like VB6 Variant - It's not even a Type!
Bringing Grep back using PowerShell
iTunes messages not getting any better despite constant updates!
First DR scare at the new office
Sign your way to better quality with a x509 Certificate