.NET Framework 4 客户端配置文件是否安全?
[英]Is .NET Framework 4 Client profile secure?
问题描述
This question talks about companies who only support .NET Framework 4 Client profile due to security reasons. 
此问题讨论的是出于安全原因仅支持 .NET Framework 4 客户端配置文件的公司。 But does only allowing use of .NET Framework Client profile increase security?但是只允许使用 .NET Framework Client 配置文件会增加安全性吗? This answers talks about that being main case for Client profile.这个答案谈到这是客户资料的主要案例。 But that was 8 years ago.但那是 8 年前的事了。
I can see two reasons why using .NET Framework 4 Client profile is not as secure as it might seem:我可以看到为什么使用 .NET Framework 4 客户端配置文件并不像看起来那么安全的两个原因:
- While surface of .NET API is smaller than full framework, it is still possible to PInvoke any WinAPI method.虽然 .NET API 的表面比完整框架小,但仍然可以 PInvoke 任何 WinAPI 方法。 So there is not much security here.所以这里的安全性并不高。
- Being almost 8 years old, MS might no longer support it, by releasing hotfixes to found security issues.已经快 8 岁了,MS 可能不再支持它,通过发布修补程序来发现安全问题。 But I was unable to find any information about this.但我无法找到有关此的任何信息。
Is my reasoning above valid?我上面的推理有效吗? Are there any other reasons why using only .NET Framework 4 Client profile might be more secure than running full and new .NET?是否有任何其他原因说明仅使用 .NET Framework 4 客户端配置文件可能比运行完整的和新的 .NET 更安全?
1 个解决方案
解决方案1
1 2018-02-14 17:30:25
To reiterate what was talked about in the linked question :重申 链接问题中讨论的内容:
...merely the fact that security updates stopped being issued Jan 2016 should be enough to light a fire under the security conscious.
https://blogs.msdn.microsoft.com/dotnet/2015/12/09/support-ending-for-the-net-framework-4-4-5-and-4-5-1/
I don't see how any software that hasn't been patched because it hasn't been officially supported in over 2 years could be considered secure.我看不出任何因为2 年多没有得到官方支持而没有打补丁的软件可以被认为是安全的。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.