When should I put assemblies in GAC, what are security implications?

From Guidance Share
Revision as of 06:18, 16 October 2006 by Admin (talk | contribs)
(diff) ←Older revision | Current revision (diff) | Newer revision→ (diff)
Jump to navigationJump to search

J.D. Meier, Prashant Bansode, Alex Mackman

Answer

You should put assemblies in the global assembly cache(GAC) only when the assembly is to be shared by several applications on the computer. Assemblies deployed in the GAC must be strong named, as they are integrity checked at the time of addition to the GAC. In .NET 2.0 all assemblies in the GAC are granted full trust by code access security policy. In .NET 1.1 they usually had full trust by virtual of the fact that the GAC is in the My Computer zone and by default policy for this zone grants full trust.

It is important to add only trusted third party assemblies to the GAC. Assemblies in GAC (and in fact any strong named assembly), need to be marked with the AllowPartiallyTrustedCallersAttribute (APTCA) if they are to be called by partial trust code. You need to be cautious when marking assemblies with APTCA as any malicious code can access the assembly and perform privileged operations. All APTCA assemblies should be subjected to a thorough code inspection. At runtime, APTCA marked assemblies should demand a custom permission or one of the built-in permissions prior to performing privileged operations.