microsoft / AL-Go

The plug-and-play DevOps solution for Business Central app development on GitHub
MIT License

[Enhancement]: Remove InternalsVisibleTo before creating the Artifact #1248

Open StefanMaron opened 1 month ago

StefanMaron commented 1 month ago

Feature description

Yesterday there was a good blog created by @ChrisBlankDe where he explains that the InternalsVisibleTo can easily be used to access the internals of an app.

https://www.chris-blank.de/2024/10/08/isolated-storage-is-no-guarantee-of-security/

Would it be possible to add an option to remove the InternalsVisibleTo from the App.json?

See AlOps for reference: https://github.com/HodorNV/ALOps/blob/800e006f81c9fd38b3c128ceb22c6aef2c1d035c/mkdocs/docs/ALOpsSteps/v2/ALOpsAppCompiler_v2.md?plain=1#L24

freddydk commented 1 month ago

Sounds like a good idea

freddydk commented 1 month ago

Thinking about this one - isn't the InternalsVisibleTo setting sometimes used for connections between apps? I guess that switch should be an app-specific setting - more than just a project setting - or?

StefanMaron commented 1 month ago

Yes, it would probably make sense to define this per app.

I also thought it may be good to have a list of app IDs which should be removed, or which should stay maybe. So we would not just have a plain black/white setting.

freddydk commented 1 month ago

This could be combined with stuff like always ensuring that ShowMyCode is false and other settings that you could have during debug but not during release.

StefanMaron commented 1 month ago

Like we already have the app insights connection string.

freddydk commented 1 month ago

Yeah - but that one is global... But... - we will have a look at this.
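
A sketch of the per-app behaviour discussed in this thread, as an added example that is not AL-Go code and not an existing AL-Go setting: it strips `internalsVisibleTo` entries from an app.json except for allow-listed app IDs and forces `showMyCode` off. The function name, the `-KeepAppIds` parameter and the sample manifest are assumptions made for illustration.

```powershell
# Added example, not AL-Go code. Function name and -KeepAppIds are hypothetical.
function Remove-InternalsVisibleTo {
    param(
        [Parameter(Mandatory)] [string] $AppJsonPath,
        [string[]] $KeepAppIds = @()   # app IDs that keep access to internals
    )
    $app = Get-Content -LiteralPath $AppJsonPath -Raw -Encoding UTF8 | ConvertFrom-Json
    $removed = @()
    if ($app.PSObject.Properties['internalsVisibleTo']) {
        # Drop null entries, then split the list by the allow list.
        $entries = @($app.internalsVisibleTo | Where-Object { $_ })
        $kept    = @($entries | Where-Object { $KeepAppIds -contains $_.id })
        $removed = @($entries | Where-Object { $KeepAppIds -notcontains $_.id })
        if ($kept.Count -gt 0) { $app.internalsVisibleTo = $kept }
        else { $app.PSObject.Properties.Remove('internalsVisibleTo') }
    }
    # Force showMyCode off for release, the companion setting raised in the thread.
    if ($app.PSObject.Properties['showMyCode']) { $app.showMyCode = $false }
    $app | ConvertTo-Json -Depth 10 | Set-Content -LiteralPath $AppJsonPath -Encoding UTF8
    $removed   # emit the dropped entries so the pipeline can log them
}

# Constructed sample manifest; all IDs, names and publishers are made up.
$dir = Join-Path ([IO.Path]::GetTempPath()) ([guid]::NewGuid().ToString())
New-Item -ItemType Directory -Path $dir | Out-Null
$path = Join-Path $dir 'app.json'
@'
{
  "id": "11111111-1111-1111-1111-111111111111",
  "name": "Constructed Sample App",
  "publisher": "Example",
  "version": "1.0.0.0",
  "showMyCode": true,
  "internalsVisibleTo": [
    { "id": "22222222-2222-2222-2222-222222222222", "name": "Sample App Tests", "publisher": "Example" },
    { "id": "33333333-3333-3333-3333-333333333333", "name": "Sample Companion App", "publisher": "Example" }
  ]
}
'@ | Set-Content -LiteralPath $path -Encoding UTF8

# Keep the companion app (a runtime connection between apps), drop the test app.
$dropped = Remove-InternalsVisibleTo -AppJsonPath $path `
    -KeepAppIds '33333333-3333-3333-3333-333333333333'
$dropped | ForEach-Object { Write-Host "Removed internalsVisibleTo: $($_.name) ($($_.id))" }
Get-Content -LiteralPath $path -Raw
```

Run it against a copy of app.json in the release build workspace rather than the checked-in file, so debug and test builds keep their `internalsVisibleTo` entries.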