Opinions Sought: Is this an Appropriate Use Of Code Access Securit

C

Chris Mohan

I'm interested in hearing opionions as to whether you think the following solution is a valid use of Code Access Security:

Goal: Ensure all email sent through asp.net apps on a particular server have their addresses validated (for matching a correct address format and validated to ensure that no more than x addresses are put into the "to, cc, and bcc" fields. + a few other rules)

I've designed a small re-usable input validation class that is maintained in assembly "Validation". I then created a separate assembly for the email code called "EmailHelper".

I've used CAS to declaratively perform a link demand in the "EmailHelper" assembly that limits its callers to the "validation" assembly.
ie: <StrongNameIdentityPermissionAttribute(SecurityAction.LinkDemand, _
PublicKey:="0x0024blahblahblah005BDEB9EEF")> _

Doing this ensures that all messages sent through the EmailHelper assembly contain a limited number of recipients and each address is formatted correctly.

Yes, anyone can still just instantiate a new system.web.mail.mailMessage object so this "solution" doesn't really solve anything.. but.. it makes consisent validation easy to achieve(and my real goal was to learn about CAS).

At some point I suppose the admin change the account that the local host's smtp service uses to send messages and then the "EmailHelper" class could then impersonate that account. I assume this additional step would truly achieve the goal of performing validation on all messages.

All constructive thoughts are appreciated.
Thanks,
-Chris
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads


Members online

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top