Recently, I came across the InternalsVisibleTo way of making internal classes and methods visible to other assemblies. Though this is very useful in an application where you have a whole bunch of assemblies and you want to avoid circular dependency or code duplication, some of us think this could expose a security flaw. What are your thoughts?
For example, if I have an attribute thus:
[assembly: System.Runtime.CompilerServices.InternalsVisibleTo("foo")]
Even if this were hidden away in an assemblyInfo.cs file, one could discover this through disassembly, etc. And not everyone signs or obfuscates their assemblies. Now, armed with the information that there may be more functionality up for grabs, I can create my own assembly called foo.dll and then make use of methods/classes that I previously could not.
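A defender's check for the situation described above, as an added example that is not part of the original post: it lists InternalsVisibleTo declarations that identify the friend assembly by name only, with no PublicKey component tying the name to a strong-name key. The class and method names are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using System.Runtime.CompilerServices;

// Constructed sample: the name-only declaration from the question, applied to this
// audit program itself so that running it with no arguments produces a finding.
[assembly: InternalsVisibleTo("foo")]

static class FriendAssemblyAudit
{
    // True when the friend string has a non-empty PublicKey component,
    // e.g. "foo, PublicKey=<hex of the friend's public key>".
    public static bool HasPublicKey(string friend) =>
        friend.Split(',')
              .Select(part => part.Trim())
              .Any(part => part.StartsWith("PublicKey=", StringComparison.OrdinalIgnoreCase)
                           && part.Length > "PublicKey=".Length);

    // Friend declarations of one assembly that identify the friend by name only.
    public static List<string> NameOnlyFriends(Assembly assembly) =>
        assembly.GetCustomAttributes<InternalsVisibleToAttribute>()
                .Select(attribute => attribute.AssemblyName)
                .Where(friend => !HasPublicKey(friend))
                .ToList();

    static int Main(string[] args)
    {
        // Audit the assembly paths given on the command line, or this program when none are given.
        var targets = args.Length > 0
            ? args.Select(path => Assembly.LoadFrom(path)).ToList()
            : new List<Assembly> { typeof(FriendAssemblyAudit).Assembly };

        int findings = 0;
        foreach (var assembly in targets)
        {
            foreach (var friend in NameOnlyFriends(assembly))
            {
                Console.WriteLine($"{assembly.GetName().Name}: InternalsVisibleTo(\"{friend}\") has no PublicKey");
                findings++;
            }
        }
        return findings == 0 ? 0 : 1; // non-zero exit lets a build step fail on findings
    }
}
```

Run against build output, it reports every friend declaration that any assembly with the matching simple name could satisfy.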