Secure Coding Practices in the .NET Compact Framework

A number of things need to be taken care of to protect applications from malicious attacks. Following are some of the precautions that I would like to share with you.


  • If users are allowed to save data files, write code that restricts the allowable locations and file names. You don’t want to allow someone to overwrite an important file or a part of the operating system. Note that the OpenFileDialog and SaveFileDialog controls limit users to working with files in the My Documents folder.



  • If the application is highly sensitive and requires user authentication, consider asking the user to reauthenticate after a period of time or after a certain number of operations, to safeguard against the device being snatched while it is in use.
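For the first precaution above (restricting save locations and file names), here is one way to validate a user-supplied name before writing. This is an added example, not code from the original post; the class name `SafeSave`, the allowed extensions and the data folder are assumptions made for illustration.

```csharp
using System;
using System.IO;

public static class SafeSave
{
    // Assumption: the only file types this hypothetical application writes.
    static readonly string[] AllowedExtensions = { ".txt", ".csv" };
    // Characters that would let a bare file name carry a directory, drive or wildcard.
    static readonly char[] Forbidden = { '\\', '/', ':', '*', '?', '"', '<', '>', '|' };

    // Returns the full path to write to, or throws if the request is unsafe.
    public static string ResolveSavePath(string baseDir, string fileName, bool allowOverwrite)
    {
        if (fileName == null || fileName.Trim().Length == 0)
            throw new ArgumentException("File name is empty.");
        if (fileName.IndexOfAny(Forbidden) >= 0)
            throw new ArgumentException("File name must not contain path characters.");
        string ext = Path.GetExtension(fileName);
        bool extOk = false;
        foreach (string allowed in AllowedExtensions)
            if (string.Compare(ext, allowed, StringComparison.OrdinalIgnoreCase) == 0)
                extOk = true;
        if (!extOk)
            throw new ArgumentException("File type is not allowed.");

        // Canonicalize both paths, then confirm the result is still inside baseDir.
        string root = Path.GetFullPath(baseDir);
        if (!root.EndsWith(Path.DirectorySeparatorChar.ToString()))
            root += Path.DirectorySeparatorChar;
        string full = Path.GetFullPath(Path.Combine(root, fileName));
        if (!full.StartsWith(root, StringComparison.OrdinalIgnoreCase))
            throw new UnauthorizedAccessException("Path escapes the data folder.");

        if (!allowOverwrite && File.Exists(full))
            throw new IOException("File already exists.");
        return full;
    }

    public static void Main()
    {
        // Constructed inputs; the folder stands in for the application's data directory.
        string dir = Path.Combine(Path.GetTempPath(), "AppData");
        foreach (string name in new string[] { "notes.txt", "..\\system.dll", "run.exe" })
        {
            try { Console.WriteLine("OK   " + ResolveSavePath(dir, name, false)); }
            catch (Exception e) { Console.WriteLine("DENY " + name + ": " + e.Message); }
        }
    }
}
```

The name is checked against an allow-list first, and the canonical path check afterwards acts as a second barrier in case the character filter misses a form of traversal.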


When developing libraries or applications that access protected resources, keep in mind that a future version of the .NET Compact Framework will have a security policy that is much more restrictive than the policy in force in Version 1. Follow the instructions below:


  • Encapsulate code that requires high trust in its own assembly. For example, code that uses P/Invoke to call out to unmanaged code will require high trust. In a future version, you can use code access security to request the elevated permissions needed just in that assembly. Then the other code in your library or application can run with only the permissions it needs, rather than all your code having to run with the elevated permissions required by the code using P/Invoke.



  • Utilize only the lowest-trust APIs appropriate to each particular problem. Although all code runs with full trust today, this practice will result in applications that require the least permission to run later on in a secure domain. It is always good security practice to run with the least privilege.


Happy Learning!
