This is preliminary documentation and subject to change.
To comment on this topic, please send us email at ngwssdk@microsoft.com. Thanks!
Summary of security issues for class libraries
Do:
- Any class library that uses protected resources must ensure that it only does so within the permissions of its callers.
- Assert a permission only when strictly necessary, and only after performing the necessary checks (for example, demanding the same permission of the caller first).
- Consider how a semi-trusted malicious caller might potentially use the class to get around security.
- To improve performance, aggregate operations that will involve security checks, and consider using Assert to limit stack walks without compromising security.
Don’t:
- Assume that the code will only be called by callers with certain permissions.
- Define non-type-safe interfaces that might be used to circumvent security elsewhere.
- Expose functionality that allows a semi-trusted caller to take advantage of the higher trust of the class.
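The following C# class is an added example written for this summary; it is not code from the documentation or from any Microsoft library. It assumes a hypothetical class library type, AuditLogReader, that wraps a protected resource (a file on disk) and uses the code access security classes in System.Security.Permissions. The class name, the log path and the search string are invented for illustration. It shows the "Do" items together: demanding the caller's permission before using the resource, asserting only after that demand and only for the duration of an aggregated operation, and reverting the assert afterwards. The last method shows the "Don't" pattern the summary warns against, so the two can be compared side by side.

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;

// Hypothetical library type (assumption: not part of the original page).
public sealed class AuditLogReader
{
    private readonly string _logPath;

    public AuditLogReader(string logPath)
    {
        // FileIOPermission requires an absolute path; normalize once here.
        _logPath = Path.GetFullPath(logPath);
    }

    // Do: use the protected resource only within the permissions of the callers.
    // Demand() walks the call stack and throws SecurityException if any caller
    // has not been granted read access to this path.
    public string[] ReadAllLines()
    {
        new FileIOPermission(FileIOPermissionAccess.Read, _logPath).Demand();
        return File.ReadAllLines(_logPath);
    }

    // Do: aggregate an operation that would otherwise trigger one stack walk per
    // file call, and Assert only after demanding the equivalent permission from
    // the caller, so the Assert cannot widen what the caller was allowed to do.
    public int CountLinesMatching(string needle)
    {
        if (needle == null) throw new ArgumentNullException(nameof(needle));

        var perm = new FileIOPermission(FileIOPermissionAccess.Read, _logPath);
        perm.Demand();   // check the callers BEFORE asserting on their behalf
        perm.Assert();   // later demands from File/StreamReader stop here
        try
        {
            int count = 0;
            using (var reader = new StreamReader(_logPath))
            {
                string line;
                while ((line = reader.ReadLine()) != null)
                {
                    if (line.Contains(needle)) count++;
                }
            }
            return count;
        }
        finally
        {
            // Never leave the assert in place after the aggregated work is done.
            CodeAccessPermission.RevertAssert();
        }
    }

    // Don't: this exposes the library's own trust to a semi-trusted caller.
    // Any caller, regardless of its grant set, can read any path the library
    // itself may read, because the Assert is unconditional and unrelated to
    // what the caller has been granted. Shown only as the anti-pattern.
    public string[] ReadAnyPathUnsafe(string anyPath)
    {
        new FileIOPermission(PermissionState.Unrestricted).Assert();
        try
        {
            return File.ReadAllLines(Path.GetFullPath(anyPath));
        }
        finally
        {
            CodeAccessPermission.RevertAssert();
        }
    }
}
```

For Assert to succeed, the library assembly itself must have been granted SecurityPermission with SecurityPermissionFlag.Assertion, which a fully trusted library has; a semi-trusted caller cannot obtain that right just by calling into the library. Code access security in this form is enforced only by the .NET Framework runtime; .NET Core and .NET 5 and later do not support CAS, so the Demand and Assert calls above do not enforce anything there.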