Re: [Springnet-developer] Spring.Net & shared hosting

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hi all,

Maybe it's not that easy. Obviously the most recent version of log4net =
does *not* have the "AllowPartiallyTrustedCallers" Assembly-Attribute =
set. From the log4net mailing list:

[BEGIN]
> -----Original Message-----
> From: Nicko Cadell [mailto:ni...@ne...]=20
> Sent: Sunday, October 29, 2006 2:47 AM
> To: Log4NET User
> Subject: RE: AllowPartiallyTrustedCallers Attribute
>=20
> "The only time you should ever add the AllowPartiallyTrustedCallers
> attribute to your assembly is after a careful security audit.=20
> Be doubly
> wary if your assembly calls unmanaged code." - Keith Brown
>=20
> We have not conducted an adequate audit to allow us to add the
> AllowPartiallyTrustedCallers attribute.
>=20
>=20
> The Nant build script generates a strong name for all release builds
> (where strong naming is supported by the platform)
>=20
> Cheers,
> Nicko
>=20
> > -----Original Message-----
> > From: paulh [mailto:pa...@gr...]=20
> > Sent: 11 October 2006 19:30
> > To: log...@lo...
> > Subject: AllowPartiallyTrustedCallers Attribute
> >=20
> > Hi
> >=20
> > I have a problem running a web site medium trust with log4net=20
> > when it is not in the GAC - according to the MS security docs=20
> > this should be solvable if the AllowPartiallyTrustedCallers=20
> > attribute is added to the assembly.
> >=20
> > Any reason for not doing so?
> >=20
> > Also, how do I tell the nant build to strongly-name an=20
> > assembly - I've generated my key, but the assembly is still=20
> unsigned.
> >=20
> > Regards
> >=20
> > Paul
[END]=20

cheers,
Erich

> -----Original Message-----
> From: Mark Pollack [mailto:Mar...@co...]=20
> Sent: Wednesday, October 25, 2006 6:06 PM
> To: Erich Eichinger; spr...@li...
> Subject: RE: [Springnet-developer] Spring.Net & shared hosting
>=20
> Hi,
> =20
> I think we should work to support this deployment environment=20
> even if we can get it working only for .NET 2.0. =20
> =20
> The GetCompiledPageInstance/CreateInstanceFromVirtualPath=20
> sounds like a simple change as does adding=20
> requirePermission=3D"false".    The file permission one sounds=20
> like it will require some investigation to have a general=20
> robust solutions, ie. not relying on X:\ being in the path. =20
> For the last issue we can add the same assembly attribute as=20
> log4net does.  I wouldn't like to get into providing strongly=20
> and non-strongly signed assemblies in the release.
> =20
> I don't have experience testing permission-restricted=20
> assemblies but maybe we can work with the users get it going. =20
> =20
> Mark
> =20
>=20
> ________________________________
>=20
> From: spr...@li... on=20
> behalf of Erich Eichinger
> Sent: Wed 10/25/2006 2:10 AM
> To: spr...@li...
> Subject: [Springnet-developer] Spring.Net & shared hosting
>=20
>=20
>=20
> Obviously several people have troubles to run Spring.NET in a=20
> shared hosting environment.=20
>=20
> http://forum.springframework.net/showthread.php?t=3D796=20
> <http://forum.springframework.net/showthread.php?t=3D796>=20
>=20
> Question: Do we want to support this? According to=20
> http://djeeg.blogspot.com/2006/08/working-around-shared-hostin
g.html <http://djeeg.blogspot.com/2006/08/working-around-shared-> =
hosting.html>  the changes might be simple (at least for=20
> NET2.0) but I'm not sure how much effort really has to be taken.
>=20
> Has anyone experience on how to test permission-restricted assemblies?
>=20
> cheers,
> Erich
>=20
>=20
>=20