惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
The Exploit Database - CXSecurity.com
A
Arctic Wolf
K
Kaspersky official blog
T
Threat Research - Cisco Blogs
PCI Perspectives
PCI Perspectives
www.infosecurity-magazine.com
www.infosecurity-magazine.com
P
Privacy International News Feed
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
U
Unit 42
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Simon Willison's Weblog
Simon Willison's Weblog
P
Privacy & Cybersecurity Law Blog
O
OpenAI News
量子位
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
C
Cisco Blogs
AWS News Blog
AWS News Blog
Vercel News
Vercel News
Microsoft Security Blog
Microsoft Security Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
美团技术团队
T
Threatpost
S
Schneier on Security
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
C
Cyber Attacks, Cyber Crime and Cyber Security
Last Week in AI
Last Week in AI
C
CERT Recently Published Vulnerability Notes
Blog — PlanetScale
Blog — PlanetScale
C
Cybersecurity and Infrastructure Security Agency CISA
F
Full Disclosure
博客园_首页
N
Netflix TechBlog - Medium
Security Latest
Security Latest
有赞技术团队
有赞技术团队
Google DeepMind News
Google DeepMind News
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
The Register - Security
The Register - Security
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Recent Announcements
Recent Announcements
博客园 - Franky
P
Palo Alto Networks Blog
Project Zero
Project Zero
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
H
Help Net Security
Hacker News: Ask HN
Hacker News: Ask HN
Cisco Talos Blog
Cisco Talos Blog
H
Heimdal Security Blog
The Hacker News
The Hacker News
博客园 - 【当耐特】
GbyAI
GbyAI

博客园 - 浙林龙哥

S3 put object upload file,被AI欺骗的一天 How to get blob data using javascript XmlHttpRequest by sync 咖啡之约--体验 SourceAnywhere 安装node.js / npm / express / KMC 选择沃阁橱柜 ASP.NET 4.0的ClientIDMode=”Static”未必是最好 VS 2010 和 .NET 4.0 系列之《ASP.NET 4 Web Forms 的整洁HTML标识 — 客户端ID》篇 .NET 3.5 Ruby学习1-字符串 ImageMagick 详细安装使用 linux (jmagick) Windows XP 上安装 Bind9 BIND9配置 [javascript] 数组去重问题 [javascript]数组去重 数组A和B找交集 淘宝图片空间---设计师可免费申请短链接啦! php框架 JVM调优 常用的eclipse plugins
How to use iBatis/NHibernate in medium trust/partial trust environments like Mosso
浙林龙哥 · 2010-12-12 · via 博客园 - 浙林龙哥

http://programcsharp.com/blog/archive/2009/08/19/ibatis-nhibernate-mosso-medium-trust-partial-trust-environments.aspx

Many shared hosting providers (in this case Mosso) run your ASP.NET applications in a medium trust or modified medium trust environment to reduce security risks. This causes issues with certain techniques and components that require permissions removed by medium trust.

One of the biggest issues other than the actual restriction of permissions is the restriction of partially trusted assemblies calling fully trusted code. By default, if an assembly is strong named, partially trusted assemblies (i.e. the application assemblies in your app running under medium/partial trust) can't call it. This hits many open source components such as iBatis and NHibernate. The workaround to this is to add the AllowPartiallyTrustedCallers assembly level attribute. This will mark the assembly as safe for calling by partially trusted assemblies.

Here is an example of how to modify iBatis to support this:

  1. Download the iBatis source from the iBatis website: http://ibatis.apache.org/dotnet.cgi
  2. Extract the source .zip to a folder
  3. Open the IBatisNet.2005.sln solution in VS.NET
  4. For each project in the solution, open it's AssemblyInfo.cs file
    1. Add this using statement at the top of the file: "using System.Security;"
    2. Add this attribute at the bottom of the file: "[assembly: AllowPartiallyTrustedCallers]"
  5. Right click on the solution and select "Configuration Manager..."
  6. In the "Active solution configuration" dropdown, select Release
  7. Uncheck all of the Test projects
  8. Click OK
  9. Build the solution

Or you can download the compiled assemblies: iBatis-PartialTrust.zip

Enabling NHibernate for medium/partial trust is a similar procedure. If there is enough demand I will present steps and compiled assemblies for it as well.

As for the permission restrictions, most shared hosting providers don't actually run in medium trust as this restricts many useful things such as Reflection etc. One example I've run into recently is Mosso's modified medium trust. They take medium trust, which consists of the following denied permission restrictions:

  • Call unmanaged code.
  • Call serviced components.
  • Write to the event log.
  • Access Microsoft Message Queuing queues.
  • Access ODBC, OleDb, or Oracle data sources.
  • Access files outside the application directory.
  • Access the registry.
  • Make network or Web service calls (using the System.Net.HttpWebRequest class, for example).

And then Mosso adds back in the following allowed permission to come up with "modified medium trust":

  • WebPermission Unrestricted="true"
  • OleDbPermission Unrestricted="true"
  • OdbcPermission Unrestricted="true"
  • SocketPermission Unrestricted="true"
  • ConfigurationPermission Unrestricted="true"
  • ReflectionPermission Unrestricted="true"

This is still rather limiting, but at least you can get most things done as long as you can call into the necessary assemblies without getting exceptions as discussed in the workaround section above.

Wednesday, August 19, 2009 4:04 PM