Robert Hurlbut Blog

Thoughts on Software Security, Software Architecture, Software Development, and Agility

Dinner with a CAS guru

Thursday, June 23, 2005 Comments

 .NET  ArchitecturePatterns  Database Development  Personal  Security 
Share:   Share on LinkedIn    Share on Twitter    Share on Facebook   

One highlight (among many) of my stay in Montreal for DevTeach was meeting Montreal natives Nicole Calinoiu and her husband Michel Bordeleau for dinner on Monday night. Nicole is a Visual C# MVP (really, should and soon will be a Security Developer MVP) and Michel is a Media Center MVP. Our evening was filled with good food (we went to a great Italian restaurant on Crescent Street) and great conversation about security, development, consulting/work, and life in Montreal.

Regarding security, Nicole is top notch. She has spent the time digging into the upcoming changes with Whidbey, in particular CAS changes. Her writings on her new blog at (RSS) (you'd be very wise to subscribe!) are excellent as she describes some problems and improvements she has found. She hasn't posted since February, but I hope she does more. You can find her regularly answering questions, though, in the security newsgroups.

What impressed me a great deal is both Michel and Nicole have curious natures and a thirst to figure out the latest hardware and software changes. Like me, they are on nearly every beta program and they really do check EVERYTHING! One topic I spoke on at DevTeach was Managed Stored Procedures in SQL Server 2005 (early at 8:00 am on Sunday!). I mentioned the three CAS Permission Sets an SQLCLR assembly may be loaded with: SAFE, EXTERNAL ACCESS, and UNSAFE. I wish I had talked to Nicole before that talk, because she gave me a cool script to check the internal permissions of each to determine what else has been added to the EXTERNAL ACCESS set in the latest June CTP (you would be surprised!). The best line of the evening was "UNSAFE = Full Trust, or Full Trust = UNSAFE". Whoever came up with the word "UNSAFE" is to be commended because that is exactly what it is to run at "Full Trust".

A truly priceless evening.

Share:   Share on LinkedIn    Share on Twitter    Share on Facebook