Using CasPol to Fully Trust a Share
来源:互联网 发布:完美国际153 单数据库 编辑:程序博客网 时间:2024/05/17 23:22
Since network shares by default only get LocalIntranet permissions, it's relatively common to want to use CasPol to fully trust some shares that you control and know are safe. However, CasPol syntax being what it is, the command to do this isn't immediately obvious. If I wanted to trust everything on the share //ShawnFa-Srv/Tools, the command:
Would setup the policy to do what I needed. Lets break down this command:
- -m - modify the machine level of the policy. This is needed, since the machine level is where all of the default policy lives. On NT platforms it's also the default level that CasPol works with, however on Win9x, CasPol will default to the user level, so putting -m in the command line explicitly tells CasPol to use the correct level.
- -ag 1.2 - add a code group under group 1.2. In the default policy, group 1.2 is the LocalIntranet group, so the new code group that we're creating will only be checked if the file comes from the intranet.
- -url file:////ShawnFa-Srv/Tools/* - The membership condition for the new code group should be a UrlMembershipCondition, and it should match anything with a URL that starts with file://ShawnFa-Srv/Tools, meaning that any file on the //ShawnFa-Srv/Tools share will match this code group.
- FullTrust - The permission set to grant assemblies that match the code group. In this case, FullTrust.
Once you know the pattern, it's pretty easy to modify this command line to do slightly different things. For instance, if I want to trust only a specific non-strongly named assembly on my share, I might use
Which will create a hash membership condition that matches the SHA1 hash of the CodeCSS.exe file.
When I install a new build of the runtime, my install script actually ends with two lines that do just this:
copy config/security.config config/security.config.default
Which trusts everything coming off of a share on my computer, and then makes a copy of that policy as the new default, so that all future calls to CasPol -all -reset do not remove this modification.
- Using CasPol to Fully Trust a Share
- Using caspol.exe to change .NET security policy - done right
- js add url to trust
- trust
- To learn, to share.
- How to mount Windows share on Red Hat Enterprise Linux system using CIFS
- Using "prototype" to append a new method to a Class
- Using WinInet to call a Web service
- using html:link to pass a param
- Connecting to a GPS receiver using Bluetooth
- Using OpenLayers to develop a WebGIS Client
- How to Submit a Form Using JavaScript
- Using spring to mock a jndi
- ABAP Using a Cursor to Read Data
- how to build a codec using lib
- Using newInstance() to Instantiate a Fragment
- Qualification Round Problem A. Bot Trust-模拟
- blog to share
- 对javascript特殊字符的处理
- 原来RFC规定url是不准带下划线的。
- 提高ABAP性能
- 如何进入有密码的Win XP
- 关于语音的带宽
- Using CasPol to Fully Trust a Share
- 用js来隐藏div
- ASPX(C#)中调用SQLSERVER2005中的SSIS
- Using caspol.exe to change .NET security policy - done right
- Oracle-PL/SQL
- 几个重要的Linux系统内核文件介绍
- NetBeans Globel Translation Team T-shirt!
- 深思人生
- C#人民币大小写转化