What is type safety and why is it important in terms of security

This is a duplicate question I posted in .NET group.Just to get more number of experts involved ;)

Hi,
 I would like to know what type safety is in .NET. I need a clear explanation. I have read here and there, but its still a grey area for me. Also please provide any links you think are helpful. I have been in .net field for a while, but i dont seem to understand the basics completely.

I am looking forward to an enthusiastic discussion on this topic

Thanks
LVL 6
ryerrasAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

dunglaCommented:
ryerras,

Type-safe code accesses only the memory locations it is authorized to access. During just-in-time (JIT) compilation, an optional verification process examines the metadata and MSIL (Microsoft intermediate language) of a method to verify that they are type safe. This process is skipped if the code has permission to bypass verification.  Verification plays a crucial role in assembly isolation and security enforcement.  

When code is not type safe, the runtime cannot prevent unsafe code from calling into native (unmanaged) code and performing malicious operations. When code is type safe, the runtime's security enforcement mechanism ensures that it does not access native code unless it has permission to do so. To run code that is not type safe, SecurityPermission with passed member SkipVerification should be granted.

You can refer to
http://www.c-sharpcorner.com/Tutorials/DotNetSecurityVP001.asp
or MSDN
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpcontypesafetysecurity.asp
0
rajaloysiousCommented:
May be of help....
http://www.itworld.com/nl/nt2k_sec/11052001/

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cptools/html/cpgrfpeverifytoolpeverifyexe.asp

Type safety
       When a user adds a String to a collection of type SortedList, there is an implicit cast to Object. Similarly, if a String object is retrieved from the list, it must be cast at run time from an Object reference to a String reference. This lack of type safety at compile time is both tedious for the developer and prone to error. In contrast, a use of GenericSortedList<String> where T is typed to String causes all add and lookup methods to work with String references. This allows for specifying and checking the type of the elements at compile time rather than at run time.


http://msdn.microsoft.com/msdnmag/issues/03/09/NET/

Cheers
0
ferguslogicCommented:
From a C#/VB.net implementation perspective (real world working scenario):

Type Safety  simply means that a developer is wrapping an object in a type safe wrapper so that only a specific type can be loaded into RAM.

I will explain further below. What it all boils down to is a simple class wrapper that allows you to limit types basically.


Say that you  have a simple array or arraylist object in a form or class module. Anybody can load anything into this array or arraylist because the array/arralyist
allows the addition of any object type.  An array or arraylist has no limitations on what can be loaded into it.  You could, if you wanted to, load the array or arraylist with a customer object, an order object, an employee object etc etc. and this would be perfectly valid. This means that the array/arraylist has no Type safety and is not "Type Safe"

Now, if you take this same array or array list  and place it inside of a class module that you Create (we will use Employee.cs as an example) and you declare it with a Private modifier inside of this class module now a user of the class can no longer access this array/arraylist directly.  They have to be given a way to access the private array.  You give the user access to the array/arraylist by creating public methods on the class (Employee.cs)

So on your class module you would provide a public Add() method which would only allow the user to pass in a specific type

Here is an example
public void Add(Employee employee)
{
    //add the employee passed in to the arraylist
     arrayList.add(employee)
}

Now, you can see that the user can only pass in an employee type. That is the only type allowed.  The user can only add to the arraylist by calling the Add method and since the method only accepts Employee types the Arraylist will now be "Type Safe" because it can only contain Employee types.  Simple as that.

A simple Class wrapper created to limit the types that can be loaded into the ArrayList to one type "Employee"..thus giving us "Type safety"

:)

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
C#

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.