Portable.Licensing icon indicating copy to clipboard operation
Portable.Licensing copied to clipboard
verified publisher icon dnauck

Security risk! Your assemblies are not signed!

Open utillity opened this issue 10 years ago • 4 comments

Hi, please sign your assemblies (NuGet package)! Otherwise they can't be used in signed applications and unsigned applications can be subject to a spoofed vesion of your assembly!

thanks! regards, Tilli

utillity avatar Aug 06 '15 08:08 utillity

REG ADD "HKLM\SOFTWARE\Microsoft\StrongName\Verification_," REG ADD "HKLM\SOFTWARE\Wow6432Node\Microsoft\StrongName\Verification_,"

Defeats any assembly signing. Won't work, although I still would like it.

EchterAgo avatar Jul 18 '16 12:07 EchterAgo

not if you create your own assembly-loaders

utillity avatar Jul 25 '16 18:07 utillity

Even with the registry keys, you can force strong name validation in app.config with bypassTrustedAppStrongNames: https://msdn.microsoft.com/en-us/library/cc713694(v=vs.110).aspx

nirbar avatar Feb 05 '17 10:02 nirbar

Also, you cannot compile a strong named assembly referencing an unsigned assembly.

From: Nir Bar [email protected] Sent: Sunday, February 5, 2017 10:21:10 AM To: dnauck/Portable.Licensing Cc: Tilfried Weissenberger; Author Subject: Re: [dnauck/Portable.Licensing] Security risk! Your assemblies are not signed! (#27)

Even with the registry keys, you can force strong name validation in app.config with bypassTrustedAppStrongNames: https://msdn.microsoft.com/en-us/library/cc713694(v=vs.110).aspx

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://github.com/dnauck/Portable.Licensing/issues/27#issuecomment-277509414, or mute the threadhttps://github.com/notifications/unsubscribe-auth/AFSu9noSdo3BNleVh2kkqG8JR_FlFIfdks5rZaKWgaJpZM4Fmqhw.

utillity avatar Feb 05 '17 11:02 utillity