Infralution Support Forum Index Infralution Support
Support groups for Infralution products
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Assembly StrongNaming Command Line Options

 
Post new topic   Reply to topic    Infralution Support Forum Index -> Globalizer Feature Requests
View previous topic :: View next topic  
Author Message
d1rkg3ntly



Joined: 18 Feb 2010
Posts: 3
Location: Paisley, Scotland

PostPosted: Wed Oct 13, 2010 10:35 am    Post subject: Assembly StrongNaming Command Line Options Reply with quote

I've noticed that when the option to strong name deployed assemblies is selected, the key information appears to be embedded in the Globalizer .gxl project file. This is not really acceptable from a security standpoint.

We use Globalizer from the command line as part of our build process to build deployed assemblies, and would like to be able to specify to build strong named assemblies and supply the path to a keyfile, e.g.

Globalizer workspaceFile [/build] [/targets:target1[,target2]]
[/languages:lang1[,lang2]] [/invariant] [/deploy] [/deploydir:directory] [/strongname] [/keyfile:keyfile]

Would this be possible?

Thanks
Back to top
View user's profile Send private message Visit poster's website
Infralution



Joined: 28 Feb 2005
Posts: 5027

PostPosted: Wed Oct 13, 2010 9:20 pm    Post subject: Reply with quote

If you are using the latest version of Globalizer.NET (2.3.6) then you can already do this using the strongnamefile and strongnamepassword command line options. See the manual excerpt below:

Quote:
Usage
Globalizer workspaceFile [/build] [/targets:target1[,target2]] [/excludetargets:target1[,target2]] [/languages:lang1[,lang2]] [/invariant] [/deploy] [/deploydir:directory] [/strongnamefile:filename] [/strongnamepassword:password]

[/strongnamefile:filename] Specifies .snk or .pfx file used to sign satellite assemblies. This overrides the target settings.
[/strongnamepassword:password] Specifies the password used for opening .pfx files


Also note the following paragraph about strong names and security from the help:

Quote:
If your application assemblies are signed with a .NET strong name then the satellite assemblies, containing the localized resources, must also be signed with the same strong name (otherwise .NET will not load them). Globalizer.NET provides the ability to build satellite assemblies signed with a strong name. To do this the Strong Name associated with the Project Target is saved in an encrypted form as part of the Workspace. The encryption of the Strong Name provides some level of protection against your Strong Name being extracted and mis-used, however it is not hacker proof and you should not release Workspace files containing encrypted Strong Name data to agencies that you do not trust. To prevent StrongNames being included when you export your Workspace to a Translator you should either uncheck the Enable Translator Build option in the Workspace Properties or uncheck the Sign Deployed Assemblies option for individual Project Targets.

_________________
Infralution Support
Back to top
View user's profile Send private message Visit poster's website
d1rkg3ntly



Joined: 18 Feb 2010
Posts: 3
Location: Paisley, Scotland

PostPosted: Thu Oct 14, 2010 8:10 am    Post subject: Reply with quote

Cheers for the speedy reply. I'll get our build environment updated to the latest version.
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    Infralution Support Forum Index -> Globalizer Feature Requests All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group