堆栈内存溢出
  简体   繁体   English

如何使用Reflection避免访问类的私有成员?

[英]How can I avoid accessing private members of a class using Reflection?

 原文  2014-05-26 19:46:44       c#/ security/ reflection

问题描述

I was reading Security Considerations for Reflection and I saw the following line: 我正在阅读反思的安全注意事项 ,我看到以下行:

Transparent code cannot use reflection to access security-critical members, even if the code is fully trusted. 即使代码完全受信任,透明代码也无法使用反射来访问安全关键成员。 A MethodAccessException, FieldAccessException, or TypeAccessException is thrown. 抛出MethodAccessException,FieldAccessException或TypeAccessException。

So, I've written a test program: 所以,我写了一个测试程序:

Class Library: 班级图书馆: 

namespace ClassLibrary
{
    public class Foo
    {
        [SecurityCritical] private int X;
    }
}

Test program: 测试程序: 

using ClassLibrary;
namespace ReflectionSecurityTest
{
    class Program
    {
        static void Main(string[] args)
        {
            Foo f = new Foo();
            var flags = BindingFlags.Instance | BindingFlags.NonPublic;
            var field = f.GetType().GetField("X", flags);
            field.SetValue(f,15);
            Console.WriteLine(field.GetValue(f));
        }
    }
}

I would expect to see an exception but instead I see 15 in the Console.The question is why ? 我希望看到一个例外,但我在控制台看到15 。问题是为什么 Did I misunderstand what SecurityCritical does or did I do something wrong? 我是否误解了SecurityCritical做了什么或做了什么我做错了什么?

1 个解决方案

解决方案1
 4 已采纳  2014-05-26 19:58:48

The bullet point below that states: 下面的要点指出:

  • Code that is running with partial trust is treated as transparent. 使用部分信任运行的代码被视为透明。

Application code that is run from the command line runs with full trust. 从命令行运行的应用程序代码以完全信任的方式运行。 As long as it is not marked as transparent, it can use reflection to access security-critical members. 只要它没有标记为透明,它就可以使用反射来访问安全关键成员。 When the same code is run with partial trust (for example, in a sandboxed application domain) the assembly's trust level determines whether it can access security-critical code: If the assembly has a strong name and is installed in the global assembly cache, it is a trusted assembly and can call security-critical members. 当使用部分信任运行相同的代码时(例如,在沙盒应用程序域中),程序集的信任级别确定它是否可以访问安全关键代码:如果程序集具有强名称并安装在全局程序集缓存中,则是一个值得信赖的程序集,可以调用安全关键成员。 If it is not trusted, it becomes transparent even though it was not marked as transparent, and it cannot access security-critical members. 如果它不受信任,即使它没有标记为透明,它也会变得透明,并且它无法访问安全关键成员。

So to answer the question from your title: 所以要回答你标题中的问题:

How can I avoid accessing private members of a class using Reflection? 如何使用Reflection避免访问类的私有成员?

You can't, if you can't sandbox the code performing the reflection. 你不能,如果你不能沙箱执行反射的代码。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用反射访问私有成员 - Using Reflection for Accessing Private Members 如何在 System.Reflection.Assembly Class C# 中使用 assembly.getype() 访问私有类 - How can I access private class using assembly.getype() in System.Reflection.Assembly Class C# C#:通过反射访问继承的私有实例成员 - C#: Accessing Inherited Private Instance Members Through Reflection 如何在C#中使用反射来查找类中满足特定委托要求的所有成员? - How can I use reflection in C# to find all the members of a class that meet the requirements of a specific delegate? 我可以使用PrivateObject类或Reflection来访问私有类中的字段吗? - Can I use PrivateObject class or Reflection to access a field in a private class? 如何避免重复访问属性的代码而不使用反射 - How to avoid duplicating code for accessing properties WITHOUT using reflection 如何在C#中使用反射来区分具有相同属性的类成员 - How to distinguish class members with same attribute using reflection in C# 我如何制作一个可以创建另一个类的实例并访问所有者的私有成员的类 - How do I make a class that can create an instance of another class and access private members of the owner 我如何访问私有摘要的成员以在公共类中以只读方式进行分类? - How can I access members of a private abstract to class for read-only purposes in a public class? 如何使用PrivateObject访问我的类及其父级的私有成员? - How can I use PrivateObject to access private members of both my class and its parent?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM