[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

What is type safety and why is it important in terms of security

Posted on 2004-11-08
3
Medium Priority
?
534 Views
Last Modified: 2008-02-01
This is a duplicate question I posted in .NET group.Just to get more number of experts involved ;)

Hi,
 I would like to know what type safety is in .NET. I need a clear explanation. I have read here and there, but its still a grey area for me. Also please provide any links you think are helpful. I have been in .net field for a while, but i dont seem to understand the basics completely.

I am looking forward to an enthusiastic discussion on this topic

Thanks
0
Comment
Question by:ryerras
3 Comments
 
LVL 13

Assisted Solution

by:dungla
dungla earned 680 total points
ID: 12530016
ryerras,

Type-safe code accesses only the memory locations it is authorized to access. During just-in-time (JIT) compilation, an optional verification process examines the metadata and MSIL (Microsoft intermediate language) of a method to verify that they are type safe. This process is skipped if the code has permission to bypass verification.  Verification plays a crucial role in assembly isolation and security enforcement.  

When code is not type safe, the runtime cannot prevent unsafe code from calling into native (unmanaged) code and performing malicious operations. When code is type safe, the runtime's security enforcement mechanism ensures that it does not access native code unless it has permission to do so. To run code that is not type safe, SecurityPermission with passed member SkipVerification should be granted.

You can refer to
http://www.c-sharpcorner.com/Tutorials/DotNetSecurityVP001.asp
or MSDN
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpcontypesafetysecurity.asp
0
 
LVL 8

Assisted Solution

by:rajaloysious
rajaloysious earned 640 total points
ID: 12531316
May be of help....
http://www.itworld.com/nl/nt2k_sec/11052001/

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cptools/html/cpgrfpeverifytoolpeverifyexe.asp

Type safety
       When a user adds a String to a collection of type SortedList, there is an implicit cast to Object. Similarly, if a String object is retrieved from the list, it must be cast at run time from an Object reference to a String reference. This lack of type safety at compile time is both tedious for the developer and prone to error. In contrast, a use of GenericSortedList<String> where T is typed to String causes all add and lookup methods to work with String references. This allows for specifying and checking the type of the elements at compile time rather than at run time.


http://msdn.microsoft.com/msdnmag/issues/03/09/NET/

Cheers
0
 
LVL 1

Accepted Solution

by:
ferguslogic earned 680 total points
ID: 12535513
From a C#/VB.net implementation perspective (real world working scenario):

Type Safety  simply means that a developer is wrapping an object in a type safe wrapper so that only a specific type can be loaded into RAM.

I will explain further below. What it all boils down to is a simple class wrapper that allows you to limit types basically.


Say that you  have a simple array or arraylist object in a form or class module. Anybody can load anything into this array or arraylist because the array/arralyist
allows the addition of any object type.  An array or arraylist has no limitations on what can be loaded into it.  You could, if you wanted to, load the array or arraylist with a customer object, an order object, an employee object etc etc. and this would be perfectly valid. This means that the array/arraylist has no Type safety and is not "Type Safe"

Now, if you take this same array or array list  and place it inside of a class module that you Create (we will use Employee.cs as an example) and you declare it with a Private modifier inside of this class module now a user of the class can no longer access this array/arraylist directly.  They have to be given a way to access the private array.  You give the user access to the array/arraylist by creating public methods on the class (Employee.cs)

So on your class module you would provide a public Add() method which would only allow the user to pass in a specific type

Here is an example
public void Add(Employee employee)
{
    //add the employee passed in to the arraylist
     arrayList.add(employee)
}

Now, you can see that the user can only pass in an employee type. That is the only type allowed.  The user can only add to the arraylist by calling the Add method and since the method only accepts Employee types the Arraylist will now be "Type Safe" because it can only contain Employee types.  Simple as that.

A simple Class wrapper created to limit the types that can be loaded into the ArrayList to one type "Employee"..thus giving us "Type safety"

:)

0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction This article series is supposed to shed some light on the use of IDisposable and objects that inherit from it. In essence, a more apt title for this article would be: using (IDisposable) {}. I’m just not sure how many people would ge…
Calculating holidays and working days is a function that is often needed yet it is not one found within the Framework. This article presents one approach to building a working-day calculator for use in .NET.
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses
Course of the Month18 days, 3 hours left to enroll

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question