Are there any security concerns with using the InternalsVisibleTo attribute with strong-named assemblies? I understand that the assembly receiving information this way must have the private key to decrypt the messages, and that within the InternalsVisibleTo attribute you specify the public key in clear text. Would it be possible for someone to alter the assembly dll and public key in the InternalsVisibleTo attribute to share internal functions to assemblies that weren't originally intended to be shared to?
It has nothing to do with encryption. And a strong name for an InternalsVisibleTo assembly is a hard requirement. All that it proves is that whoever created the assembly had access to the same secret as you did. The private key. With a very strong guarantee that whoever modifies the assembly or tries to create one that impersonates the assembly cannot provide the same proof. They can't get it signed the same way without having access to that private key.
This is sufficient to guarantee trust. Provided you guard the private key.
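
As an added example (not part of the original question or answer), a release check can list the friend declarations an assembly actually carries and flag any whose public key is not on an allow-list kept outside the assembly, which is the tampering the question describes. The names `FriendAudit`, `KeyOf`, `Declarations` and `Unexpected`, the sample declarations and the key values are constructed placeholders, not real key blobs.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;

static class FriendAudit
{
    const string AttrName = "System.Runtime.CompilerServices.InternalsVisibleToAttribute";

    // Pull the hex after "PublicKey=" out of a declaration such as
    // "MyApp.Tests, PublicKey=0024..."; null when the declaration carries no key.
    static string KeyOf(string declaration) =>
        declaration.Split(',')
                   .Select(part => part.Trim())
                   .Where(part => part.StartsWith("PublicKey=", StringComparison.OrdinalIgnoreCase))
                   .Select(part => part.Substring("PublicKey=".Length).ToLowerInvariant())
                   .FirstOrDefault();

    // Read the declarations as metadata, without instantiating the attributes.
    static IEnumerable<string> Declarations(Assembly asm) =>
        asm.GetCustomAttributesData()
           .Where(a => a.AttributeType.FullName == AttrName)
           .Select(a => (string)a.ConstructorArguments[0].Value);

    // Every declaration whose key is missing or not on the allow-list.
    public static List<string> Unexpected(IEnumerable<string> declarations, ISet<string> allowedKeys) =>
        declarations.Where(d =>
        {
            var key = KeyOf(d);
            return key == null || !allowedKeys.Contains(key);
        }).ToList();

    static void Main(string[] args)
    {
        // Assumption: the allow-list holds the full public key hex of each intended friend.
        var allowed = new HashSet<string> { "0024aabbccdd" };   // constructed placeholder

        // With a path argument, audit that assembly; otherwise use constructed samples.
        IEnumerable<string> declarations = args.Length > 0
            ? Declarations(Assembly.LoadFrom(args[0]))
            : new[]
              {
                  "MyApp.Tests, PublicKey=0024AABBCCDD",      // expected friend
                  "Injected.Helper, PublicKey=0024deadbeef",  // key not on the allow-list
                  "NoKey.Friend"                              // declaration without a key
              };

        foreach (var d in Unexpected(declarations, allowed))
            Console.WriteLine("UNEXPECTED FRIEND: " + d);
    }
}
```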