What is type safety and why is it important in terms of security

Posted on 2004-11-08
Last Modified: 2008-02-01
This is a duplicate question I posted in .NET group.Just to get more number of experts involved ;)

 I would like to know what type safety is in .NET. I need a clear explanation. I have read here and there, but its still a grey area for me. Also please provide any links you think are helpful. I have been in .net field for a while, but i dont seem to understand the basics completely.

I am looking forward to an enthusiastic discussion on this topic

Question by:ryerras
    LVL 13

    Assisted Solution


    Type-safe code accesses only the memory locations it is authorized to access. During just-in-time (JIT) compilation, an optional verification process examines the metadata and MSIL (Microsoft intermediate language) of a method to verify that they are type safe. This process is skipped if the code has permission to bypass verification.  Verification plays a crucial role in assembly isolation and security enforcement.  

    When code is not type safe, the runtime cannot prevent unsafe code from calling into native (unmanaged) code and performing malicious operations. When code is type safe, the runtime's security enforcement mechanism ensures that it does not access native code unless it has permission to do so. To run code that is not type safe, SecurityPermission with passed member SkipVerification should be granted.

    You can refer to
    or MSDN
    LVL 8

    Assisted Solution

    May be of help....

    Type safety
           When a user adds a String to a collection of type SortedList, there is an implicit cast to Object. Similarly, if a String object is retrieved from the list, it must be cast at run time from an Object reference to a String reference. This lack of type safety at compile time is both tedious for the developer and prone to error. In contrast, a use of GenericSortedList<String> where T is typed to String causes all add and lookup methods to work with String references. This allows for specifying and checking the type of the elements at compile time rather than at run time.

    LVL 1

    Accepted Solution

    From a C#/ implementation perspective (real world working scenario):

    Type Safety  simply means that a developer is wrapping an object in a type safe wrapper so that only a specific type can be loaded into RAM.

    I will explain further below. What it all boils down to is a simple class wrapper that allows you to limit types basically.

    Say that you  have a simple array or arraylist object in a form or class module. Anybody can load anything into this array or arraylist because the array/arralyist
    allows the addition of any object type.  An array or arraylist has no limitations on what can be loaded into it.  You could, if you wanted to, load the array or arraylist with a customer object, an order object, an employee object etc etc. and this would be perfectly valid. This means that the array/arraylist has no Type safety and is not "Type Safe"

    Now, if you take this same array or array list  and place it inside of a class module that you Create (we will use Employee.cs as an example) and you declare it with a Private modifier inside of this class module now a user of the class can no longer access this array/arraylist directly.  They have to be given a way to access the private array.  You give the user access to the array/arraylist by creating public methods on the class (Employee.cs)

    So on your class module you would provide a public Add() method which would only allow the user to pass in a specific type

    Here is an example
    public void Add(Employee employee)
        //add the employee passed in to the arraylist

    Now, you can see that the user can only pass in an employee type. That is the only type allowed.  The user can only add to the arraylist by calling the Add method and since the method only accepts Employee types the Arraylist will now be "Type Safe" because it can only contain Employee types.  Simple as that.

    A simple Class wrapper created to limit the types that can be loaded into the ArrayList to one type "Employee"..thus giving us "Type safety"



    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Join & Write a Comment

    Article by: Ivo
    Anonymous Types in C# by Ivo Stoykov Anonymous Types are useful when  we do not need to follow usual work-flow -- creating object of some type, assign some read-only values and then doing something with them. Instead we can encapsulate this read…
    This article introduced a TextBox that supports transparent background.   Introduction TextBox is the most widely used control component in GUI design. Most GUI controls do not support transparent background and more or less do not have the…
    Need more eyes on your posted question? Go ahead and follow the quick steps in this video to learn how to Request Attention to your question. *Log into your Experts Exchange account *Find the question you want to Request Attention for *Go to the e…
    This video is in connection to the article "The case of a missing mobile phone (". It will help one to understand clearly the steps to track a lost android phone.

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now