What's New in Security for v2.0
There are a ton of new and enhanced security features coming with the v2.0 release of the CLR. However, finding a definitive list of them all can be a somewhat challenging task. Dominick Baier has an excellent slide deck detailing some of the changes and some demo code as well. You can find both linked from his blog entry here. Keith Brown also highlighted Security Enhancements in the .NET Framework 2.0 in his Security Briefs column for January's MSDN Magazine.
Although there's no official list of new security features anywhere, here are some of the highlights of what we've added. I've covered most of these in this blog before, but some of the big ones (like transparency) have yet to show up. You can look for those over the next few weeks. In no particular order:
- Transparency
- Simple Sandboxing API
- ClickOnce
- AppDomainManager / HostSecurityManager
- Permission Evaporation
- PermCalc
- FullTrust means FullTrust
- XML Encryption
- Enhanced X509 support (via X509Certificate2)
- Support for larger SN keys
- Enhanced SecurityException
- Managed ACLs
- PKCS7 support
- FIPS enforcement
- RFC 2898 PBKDF2
- Full trust GAC
- CasPol -s off changes
- Visual Studio enhancements, such as debug in zone, and enhanced support for debugging security exceptions.
- Test key signing
Performance work was also one of the security team's main focuses during the v2.0 release. And of course there were numerous bug fixes, and other odds and ends. From the number of entries with no links above, it looks like I've got quite a few more blog posts to get writing :-) When I write something on each topic, I'll try to come back and update this post with the link ... there's a lot of great stuff up there -- I can't wait to finally ship this product so that everyone can start using it!