Windows Server 2003 Security Infrastructures: Core Security Features (HP Technologies)
Table 11.6 provides a short comparison between Software Restriction Policies (SRPs) and Code Access Security (CAS).
Here are some last words about CAS. CAS is clearly the most powerful technology of the two. It is a fundamental component of the .NET Framework that will let application developers write more-secure code, however, I hope this chapter has shown that application developers are not the only ones who need to understand this important technology: CAS will affect the tasks of any security-aware Windows architect, consultant, or administrator because configuring and fine-tuning CAS security policies is generally beyond an application developer’s responsibilities. Configuring CAS security policies is complex, but it is a process with which you will want to become familiar as soon as possible. If you want to secure your .NET environment, don’t miss the CAS Express.
| SRPs | CAS | |
|---|---|---|
| Important for… | Administrators, Architects | Administrators, Architects, Developers |
| Can be applied to… | Any file (*.exe, *.dll, *.vbs…). For executables and libraries, SRPs can be applied independently of whether the code behind them is COM+ or .NET based | Any assembly written using the .NET development framework |
| Can be administered by… | GPO Administrator | Forest, domain, or machine administrator, user, or developer |
| Level of access control enforcement | File is allowed to run or not | Very granular access control enforcement: access control can be set for individual system resources |
| Available on… | Windows Server 2003 and XP platforms | Any platform that has the .NET Framework installed |
Категории