具有“不安全”方法的程序集可以从“安全”上下文运行吗?
[英]Can an assembly with “unsafe” methods be run from a “safe” context?
问题描述
I'd like to write some optimized "unsafe" code, but provide a secondary "safe" version that can be used in sandboxes such as web pages. 
我想编写一些经过优化的“不安全”代码,但是提供了可在沙箱(例如网页)中使用的辅助“安全”版本。 Is it possible to put both in the same assembly, or does the existence of any unsafe methods prevent the assembly from being loaded? 是否可以将它们放在同一个程序集中,或者存在任何unsafe方法会阻止程序集的加载?
If I can put them both in one assembly, how do I check if it's possible to run the fast version? 如果我可以将它们放在一个程序集中,如何检查是否可以运行快速版本?
And by the way, how can I run an .exe with raised security so I can test this myself? 顺便说一句,我如何运行具有.exe安全性的.exe ,以便自己进行测试?
1 个解决方案
解决方案1
2 已采纳 2011-04-14 07:14:11
Tread carefully here. 在这里仔细踩一下。 Assemblies containing unsafe code are marked as 'unsafe' and require full-trust in order to load and run. 包含不安全代码的程序集被标记为“不安全”,并且需要完全信任才能加载和运行。
Question: Is the perf boost you expect to get worth the risk of possibly exposing the underlying OS, machine, data, etc. to malware via a vulnerability in your (unsafe) code? 问题:性能提升是否值得您冒险,因为您的(不安全)代码中的漏洞可能会使基础操作系统,机器,数据等暴露于恶意软件中?
I would STRONGLY recommend that you carefully analyze, profile, measure and test your code - and several alternative implementations if you can - before introducing unsafe code. 我强烈建议您在引入不安全的代码之前,仔细分析,分析,评估和测试您的代码(如果可以,请尝试几种替代实现)。 I've experienced few scenarios where unsafe code was truly required and when it was, have had to undergo extensive security reviews and analysis due to the potentially dangerous nature of the code. 我经历过几次真正需要使用不安全代码的情况,由于这种代码具有潜在的危险性,因此不得不进行大量的安全检查和分析。
You might want to read the following: http://social.msdn.microsoft.com/Forums/en-US/clr/thread/596ab254-87ab-4f13-847d-4b15e9170475 您可能需要阅读以下内容: http : //social.msdn.microsoft.com/Forums/en-US/clr/thread/596ab254-87ab-4f13-847d-4b15e9170475
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.