[PermissionSetAttribute]

Alan Dean

Subscribe to feeds:  Atom feed for Alan Dean Atom  | RSS feed for Alan Dean RSS  | RDF feed for Alan Dean RDF

View the W3C Semantic data extraction

 

Least Privilege

Most (if not all) of us have heard the mantra of least privilege.

This is the concept that we should develop whilst giving ourselves and our applications the least privilege to do anything. As we write code and from time to time need to obtain privileges to do something (for example: File IO) then we extend the privilege set to include the new privilege.

What is not clearly set out in the MSDN documentation is what should the default, least privilege, Code Access Security setting that should be applied to our assemblies.

The answer is hidden in this MSDN page: Requesting Built-in Permission Sets. You should add the following attribute to the AssemblyInfo.cs file:

AssemblyInfo.cs using System.Security.Permissions;

[assembly:PermissionSetAttribute(SecurityAction.RequestMinimum, Name="Nothing")]

It is unfortunate that this attribute is not part of the AssemblyInfo template that is the source when a new project is created, as I think it should be.