Perhaps this should be titled: “The security brief that got away”.
I missed Keith Brown's alarming MSDN article warning against the use of fully trusted code. It's devastating. Under full trust an assembly can:
- Avoid being verified by the loader
- Execute private methods
- Turn off all of CAS (code access security)
- Assert any permission, even if denied
- Call into other app domains
Boy, that should curdle the blood! How's that for violating the principle of least privilege (see Tip #7)?
Keith links to an article by Ivan Medvedev that gives pointers on how to write partially trusted code.
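As an added illustration of the least-privilege point (this is example code written for this post, not code from Keith's or Ivan's articles), the following C# host runs a worker class in a sandboxed AppDomain whose grant set contains only Execution permission. Under that grant set the same code that full trust would wave through hits the CAS demands instead: a file read fails with SecurityException, and an attempt to Assert a permission the code was never granted is refused. It assumes the .NET Framework 4.x CAS model (CAS is not implemented on .NET Core / .NET 5+), and the file path is a placeholder.

```csharp
using System;
using System.IO;
using System.Runtime.Remoting;
using System.Security;
using System.Security.Permissions;

// Added example: host a worker under a minimal grant set instead of full trust.
// Assumes .NET Framework 4.x; CAS sandboxing does not exist on .NET Core / .NET 5+.
public class Worker : MarshalByRefObject
{
    // Under full trust this just returns the file length. Under the sandbox the
    // FileIOPermission demand inside File.ReadAllText fails.
    public string TryReadFile(string path)
    {
        try
        {
            return File.ReadAllText(path).Length + " chars read (grant set allowed it)";
        }
        catch (SecurityException e)
        {
            return "Read denied by CAS: " + e.GetType().Name + " - " + e.Message;
        }
    }

    // Under full trust an assembly can Assert any permission. Partially trusted,
    // security-transparent code cannot: the runtime rejects the Assert itself.
    public string TryAssertFileRead(string path)
    {
        try
        {
            new FileIOPermission(FileIOPermissionAccess.Read, path).Assert();
            return "Assert succeeded (code is fully trusted)";
        }
        catch (SecurityException e)
        {
            return "Assert denied: " + e.Message;
        }
        catch (InvalidOperationException e)
        {
            // Level-2 transparency rules: transparent code may not assert.
            return "Assert refused for transparent code: " + e.Message;
        }
    }
}

public static class SandboxHost
{
    public static void Main()
    {
        // Build the grant set by hand: Execution only, nothing else.
        var grantSet = new PermissionSet(PermissionState.None);
        grantSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));

        var setup = new AppDomainSetup
        {
            ApplicationBase = AppDomain.CurrentDomain.BaseDirectory
        };

        // No full-trust assembly list is passed, so everything loaded into this
        // domain, including our own Worker type, runs with the restricted grant set.
        AppDomain sandbox = AppDomain.CreateDomain("LeastPrivilegeSandbox", null, setup, grantSet);

        ObjectHandle handle = Activator.CreateInstanceFrom(
            sandbox,
            typeof(Worker).Assembly.ManifestModule.FullyQualifiedName,
            typeof(Worker).FullName);
        var worker = (Worker)handle.Unwrap();

        string placeholderPath = @"C:\PLACEHOLDER\some-file.txt"; // placeholder, not a real target
        Console.WriteLine(worker.TryReadFile(placeholderPath));
        Console.WriteLine(worker.TryAssertFileRead(placeholderPath));

        AppDomain.Unload(sandbox);
    }
}
```

Running the host from a directory that holds the compiled assembly prints two denials, which is the behaviour you want from code you do not fully trust; dropping the sandbox and calling `new Worker()` directly in the default (fully trusted) domain is exactly the situation Keith's brief warns about, where both calls silently succeed.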
Can't wait for Keith's book to be done.