search

dnauck / Portable.Licensing

Portable.Licensing is a cross platform software licensing framework which allows you to implement licensing into your application or library. It provides you all tools to create and validate licenses for your software.
http://dev.nauck-it.de/projects/portable-licensing
MIT License
592 stars 173 forks source link

Security risk! Your assemblies are not signed! #27

Open utillity opened 9 years ago

utillity commented 9 years ago

Hi, please sign your assemblies (NuGet package)! Otherwise they can't be used in signed applications and unsigned applications can be subject to a spoofed vesion of your assembly!

thanks! regards, Tilli

EchterAgo commented 8 years ago

REG ADD "HKLM\SOFTWARE\Microsoft\StrongName\Verification," REG ADD "HKLM\SOFTWARE\Wow6432Node\Microsoft\StrongName\Verification,"

Defeats any assembly signing. Won't work, although I still would like it.

utillity commented 8 years ago

not if you create your own assembly-loaders

nirbar commented 7 years ago

Even with the registry keys, you can force strong name validation in app.config with bypassTrustedAppStrongNames: https://msdn.microsoft.com/en-us/library/cc713694(v=vs.110).aspx

utillity commented 7 years ago

Also, you cannot compile a strong named assembly referencing an unsigned assembly.

From: Nir Bar notifications@github.com Sent: Sunday, February 5, 2017 10:21:10 AM To: dnauck/Portable.Licensing Cc: Tilfried Weissenberger; Author Subject: Re: [dnauck/Portable.Licensing] Security risk! Your assemblies are not signed! (#27)

Even with the registry keys, you can force strong name validation in app.config with bypassTrustedAppStrongNames: https://msdn.microsoft.com/en-us/library/cc713694(v=vs.110).aspx

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://github.com/dnauck/Portable.Licensing/issues/27#issuecomment-277509414, or mute the threadhttps://github.com/notifications/unsubscribe-auth/AFSu9noSdo3BNleVh2kkqG8JR_FlFIfdks5rZaKWgaJpZM4Fmqhw.