OK, I've read every question here about strong named assemblies and just want to clarify something.
First though, from what I've read, GAC aside, strong named assemblies prevent a malicious t开发者_如何学Chird party changing and impersonating your code. It'd be great to have some links to some real world examples of this kind of spoofing that happened pre strong named assemblies.
If security or the GAC are not a concern, it seems that it's still advisable to strong name assemblies because:
Clients who have strong named assemblies can only reference your assemblies if they are signed.
Clients who do not have strong named assemblies can reference your assembly whether it's signed or not.
Is that a fair analysis?
Warning
Strong name does not prevent assemblies to be tampered with. You can manipulate a signed assembly and resign it with a new strong name.
However, like any public key signature system, you need the private key to sign the tampered version without changing its strong name.
Consequently, strong name is not a secure method to make sure someone can't change your code or circumvent your licensing mechanism or anything like that.
Related post: Can strong naming an assembly be used to verify the assembly author?
Yes, strong named assemblies can only reference strong named assemblies. Assemblies without strong name can reference all assemblies.
精彩评论