re-motion in partial trust?

5 views
Skip to first unread message

Paul Wideman

unread,
Dec 29, 2009, 1:29:03 PM12/29/09
to re-motion Users
I'm trying to use the latest version of NHibernate trunk (3.0 alpha)
in medium trust. NHibernate uses re-linq, so I've had to rebuild
Remotion.dll, Remotion.Interfaces.dll, and Remotion.Linq.dll with the
AllowPartiallyTrustedCallersAttribute assembly attribute. In some
quick tests, this seems to work OK. But I've ran permcalc against
Remotion.dll and it's obvious that it contains some code that will
throw exceptions in medium trust. So I have some questions:

1) Have you guys considered partial trust scenarios and purposefully
not added APTCA to prevent using Remotion in partial trust?

2) Is what I've done - adding APTCA and recompiling for use in partial
trust - a bad thing? Should it be avoided for Remotion?

From my perspective, doing this is OK as long as I realize that there
is some code in Remotion that will fail under partial trust. If my use
of NHibernate.Linq never causes those pieces of Remotion to be
executed, then I should be OK, right?

Thanks,
Paul

Fabian Schmied

unread,
Dec 29, 2009, 2:41:21 PM12/29/09
to re-moti...@googlegroups.com
Hi Paul,

> I'm trying to use the latest version of NHibernate trunk (3.0 alpha)
> in medium trust. NHibernate uses re-linq, so I've had to rebuild
> Remotion.dll, Remotion.Interfaces.dll, and Remotion.Linq.dll with the
> AllowPartiallyTrustedCallersAttribute assembly attribute. In some
> quick tests, this seems to work OK. But I've ran permcalc against
> Remotion.dll and it's obvious that it contains some code that will
> throw exceptions in medium trust. So I have some questions:
>
> 1) Have you guys considered partial trust scenarios and purposefully
> not added APTCA to prevent using Remotion in partial trust?

At the moment, we're in the process of removing re-linq's dependencies
on the rest of re-motion so that Remotion.Data.Linq.dll becomes a
stand-alone DLL. In that process, we will also consider adding support
for partially trusted code, which will probably result in the
AllowPartiallyTrustedCallersAttribute being added to the assembly.

> 2) Is what I've done - adding APTCA and recompiling for use in partial
> trust - a bad thing? Should it be avoided for Remotion?

No, it's not a bad thing. re-motion will not perform any security
checks or asserts on its own, so it's effectively security-neutral
code.

In short, re-linq will most probably support partially trusted callers
in the near future, and until it does, there shouldn't be a problem
with recompiling with APTCA yourself.

> From my perspective, doing this is OK as long as I realize that there
> is some code in Remotion that will fail under partial trust. If my use
> of NHibernate.Linq never causes those pieces of Remotion to be
> executed, then I should be OK, right?

Yes - I think re-linq shouldn't trigger those pieces of code anyway.
If you do find code paths where NHibernate's LINQ provider causes
SecurityExceptions that could be avoided by re-linq, please let us
know.

Regards,
Fabian

Paul Wideman

unread,
Dec 30, 2009, 1:32:38 AM12/30/09
to re-motion Users
Awesome. Thanks for the quick response, this is exactly what I was
hoping to hear.

FYI, related blog post: http://paulwideman.com/softwareartist/2009/12/30/using-nhibernate-linq-in-medium-trust/

Fabian Schmied

unread,
Dec 30, 2009, 11:35:58 AM12/30/09
to re-moti...@googlegroups.com
> Awesome. Thanks for the quick response, this is exactly what I was
> hoping to hear.
>
> FYI, related blog post: http://paulwideman.com/softwareartist/2009/12/30/using-nhibernate-linq-in-medium-trust/

Great! Here's mine:
<http://www.re-motion.org/blogs/mix/archive/2009/12/30/re-linq-and-partial-trust.aspx>
:)

Fabian

> --
>
> You received this message because you are subscribed to the Google Groups "re-motion Users" group.
> To post to this group, send email to re-moti...@googlegroups.com.
> To unsubscribe from this group, send email to re-motion-use...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/re-motion-users?hl=en.
>
>
>

Reply all
Reply to author
Forward
0 new messages