Tuesday, July 8, 2008

Video: How Do I: Perform Imperative Security Checks?

Presenter: Todd Miranda

Learn how to perform imperative security checks. Restricting access to code that could potentially be used to perform malicious actions is often overlooked. Todd Miranda discusses how imperative security checks allow you to protect your application code by requiring appropriate permissions prior to execution.

The following text is a software generated transcript of the video.



Minute 0


Fellow Lions Tom Miranda in this video and I demonstrate how to perform and impair a security check in managed code listing in of Visual Studio 2008 and 11 special array use into the alternate you could do this was to studio to Governor files will lay more project again noticeably use the net framework two got Osama using any of the functionality that would be contained only and forgot over three to five are former to be fairly basic here with writing a button to initiate the attempt at the action so to file accidents and the liberal label so we can write out some messages to the user


Minute 1


Orinoco is little message so let's get your butt included we can clean out some of this system security permissions delivery dealing with permissions why so little of it about the imperative security syntax versus declarative syntax the imperative syntax or why would you choose to do very well imperative would allow you to performed the security checks at runtime if these permissions state Virginia Beach performing those checks against only becomes known at runtime which happens in a number of cases otherwise you probably use declarative syntax which effectively rights uses attribute


Minute 2


A data into the the metadata of the application the apparent security checks are actual in line code the first thing you do when you want to perform up and imperative security check is your walk create the permission and set the permissions state for the of the things you want trot to do for the actions were further and the regular demand on that permission aren't the one thing to note about a pair of security checks is if you were demand for that permission fails it will throw an exception so you need to think of fraud for dummies and impaired security he'd be sure to think up front about how you're going to do your exception handling and be sure that you do good exception handling any time that you're going to call demand on your set of permissions that so let's take a look at all of them rolled into an actual example at a typical example might be to do something with file access was that you've written this application will make sure that someone


Minute 3


To Libya malicious entity that has gone your application are or has access your application can use your application to performs without malicious activity on the hard drive or with a particular far so us take a look at how we would perform in a pair security check to determine if we have file I O access to or into a file I O permission and recall this just testing permissions as the permission that were currently testing and this is new file in permission and in our phyllo permission were in a state that we want to test for the right access level of the file I O permission intricately that that they'll refund that effectively says do you have right file I O permission however we'll take a step further and will say do I have permission to


Minute 4


To see test txt so we will look at a particular file for the heat in the permissions were as explicitly state that okay so we got our file permissions of this is lower going to test for a resorted door appeared of chit chat check for so they say would do is the actual demand an order that like a sailor woman should we got our try catch blocks and catch the exception print like that so will do testing permissions demand and if this succeeds then will this go on to the will say label message txt equals you have far


Minute 5


Access otherwise they will message txt equals denied got so one it would create our phyllo permission they we've we've given it certain parameters that we want to a more further restrict that permission they were talking about where do a demand on that permission and if we have access to the Castle if we don't exceptional get thrown where you catch the exception write a message out to the user through the label is the slave that was built built succeeded and the front right now I'm running currently under a user that much has full access to a file system so I could get file access I should


Minute 6


And have access as as you have file access so that's gripe gripe was that you look at through roundabout way with a look at how the declared a syntax looks because willing to do it is in order to test the failure situation I'm going to restrict the applications access to the file system rights only do that in a declarative syntax somewhat to appear animal specify assembly close a file I O permission security action request refuse and I'm going to set the unrestricted for the at


Minute 7


Torah once a refused all requests of any risky request at all for file I O permission right so now I'll effectively prevented the application running under my current users security level to ask as false as the sultry runners and will tip for Alexis again and we've been denied up and so is fairly straightforward to create a create a permission to a demand on it and that facilitates our appeared a security check the one thing to remember to really come of take home is since that demand will throw an exception in this case you will make sure that you do good exception handling and and figure out up front in application how you handle your exceptions if you know the level


Minute 8


Permission checks that you want to a more check for no go into those in declarative syntax and upfront that way the data store your metadata you have to worry about throwing these exceptions in your application if you have access to that so if you won't find more resources on secure development visit WW W hello secure world com
