Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Why is it possible to load types in an unsigned assembly from a signed assembly using reflection?

I have two assemblies A and B. A is strong named and B is not.

According to MSDN I cannot reference B from A because a strong named assembly can only reference another strong named assembly.

But then why is it possible to load assembly B, instantiate its class and call their methods from assembly A using reflection?

// Inside assembly A
Assembly b = Assembly.LoadFrom("B");
obj myObj = b.CreateInstance("MyClass");

Doesn't this defeat the very purpose of not allowing to reference unsigned assemblies in a signed one?

like image 276
Unmesh Kondolikar Avatar asked Dec 02 '10 13:12

Unmesh Kondolikar


1 Answers

Well, you have to understand that strong-named assemblies are designed to circumvent "DLL Hell" and allow "side-by-side versioning". AFAIK it is not designed for security.

Therefore, you're allowed to use reflection in a strong-named assembly to call methods and instantiate classes in unsigned assemblies. The framework assumes you know what you're doing because you're explicitly loading a file -- and you therefore should know which file you really want. In other words, you are telling the framework: "For this assembly, I want to manage my own versioning."

like image 50
Stephen Chung Avatar answered Sep 18 '22 02:09

Stephen Chung