Strong named assemblies in Windows Forms .NET

OK, I've read every question here about strong named assemblies and just want to clarify something.

First though, from what I've read, GAC aside, strong named assemblies prevent a malicious third party changing and impersonating your code. It'd be great to have some links to some real world examples of this kind of spoofing that happened pre strong named assemblies.

If security or the GAC are not a concern, it seems that it's still advisable to strong name assemblies because:

  • Clients who have strong named assemblies can only reference your assemblies if they are signed.

  • Clients who do not have strong named assemblies can reference your assembly whether it's signed or not.

  • Is that a fair analysis?


    Warning

    Strong name does not prevent assemblies to be tampered with. You can manipulate a signed assembly and resign it with a new strong name.

    However, like any public key signature system, you need the private key to sign the tampered version without changing its strong name.

    Consequently, strong name is not a secure method to make sure someone can't change your code or circumvent your licensing mechanism or anything like that.

    Related post: Can strong naming an assembly be used to verify the assembly author?


    Yes, strong named assemblies can only reference strong named assemblies. Assemblies without strong name can reference all assemblies.

    链接地址: http://www.djcxy.com/p/57490.html

    上一篇: SSRS外部程序集:无法加载表达式主机程序集

    下一篇: Windows Forms .NET中的强命名程序集