Images in this post missing? We recently lost them in a site migration. We're working to restore these as you read this. Should you need an image in an emergency, please contact us at imagehelp@codebetter.com
NVelocity in partial trust environment?
The question is: How do you play with nvelocity in shared hosting environments where medium trust is a common standard?
As I mentioned in my previous post, it's not so easy to go around it - even if we would like to disable CAS temporarily using the 'Mutex method', we have no permissions to do this ;).
The problem is mostly because of the ReflectionPermission required by NVelocity itself (this is the only way to instantiate objects referenced in templates).
NVelocity project is dead since October 2003, although we may download from sf.net svn repository sources imported 6 months ago from castleproject. I'm not sure about this, but I think the nvelocity team is not going to take care of the project any more.
I know that some of you use MonoRails with NVelocity as a template engine - don't you have problems with partial trust? Don't you develop any modules for DotNetNuke with some help from NVelocity (I do ;))? Now every one 'good' dnn module has to pass the 'medium trust requirement', so the potential usage of NVelocity in dnn is rather small... :(
Don't you find it as a MS battle against different template engines? We may use heavy asp.net templates, because 'the asp.net engine is good and signed by MS' and we cannot use other engines, because 'it is highly recommended to work on medium trust' and so - we do. Of course we may ask our admin to specify for our app custom policy file, but have you ever tried to do this?

Posted 12-13-2006 6:00 PM by Michal Grzegorzewski

[Advertisement]

Comments

Christopher Bennage wrote re: NVelocity in partial trust environment?
on 12-13-2006 5:35 PM

I ran into this problem when I was trying to use Castle for a small project hosted on a shared server. I did not get around to resolving it due to timelines and competing priorities. I'm interested to hear what others have to say.

Michal Grzegorzewski wrote re: NVelocity in partial trust environment?
on 12-13-2006 6:39 PM

I've seen your post on castle forum and I'm not satisfied with the answer you've got. There was also another post regarding this issue, but the answer was even less informative.

I'm affraid no one can help us and without support from hoster we are not able to use any of template based generators (which have to use reflection and probably compiler services to interpret & execute the template).

Actually I think medium trust should be mandatory in shared environments. This is a great work done by MS on security and isolates our app from others. Even when admin would not secure the server using proper ACLs on ntfs drives/registry/other system objects, we and other users are probably safe because of the CAS restrictions. Few days ago I found a small ( < 1000 accounts) hosted site where without any account I was able to modify any user file found on that server. There was one domain user for all web accounts, no acls, full trust and few open accounts with opportunity to upload my own piece of code - totally anonymously. I've put a 'greeting' file on admin test account and - of course - informed the admin of some problems in security. Actually I was considering establishing basic account on this site, because it was promoted by ... and I was sure there must have been everythig ok. The moral of this story is - be aware of full trust, because your neighbour may be interested in your data, and without proper settings from hoster you cannot do anything to protect yourself.

Christopher Bennage wrote re: NVelocity in partial trust environment?
on 12-13-2006 9:58 PM

I don't think that it is reflection causing the problem.  I'm using a relfection based OR/M in a shared environment without a problem.

<sigh /> Perhaps one day soon I'll have some time to investigate deeper.

Michal Grzegorzewski wrote re: NVelocity in partial trust environment?
on 12-14-2006 4:46 AM

Probably you are working in a higher trust level. MSDN Library states clearly (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/thcmch09.asp):

Full: Unrestricted permissions. Applications can access any resource that is subject to operating system security. All privileged operations are supported.

High: Not able to call unmanaged code. Not able to call serviced components. Not able to write to the event log. Not able to access Microsoft Message Queuing queues. Not able to access OLE DB data sources...

Medium: In addition to the above, file access is restricted to the current application directory and registry access is not permitted.

No reflection permissions whatsoever. No sockets permission. Can send e-mail by using SMTP servers.

To check what trust level you are operating in simply use the IsGranted method described in my previous post, against for example RegistryPermission or mentioned ReflectionPermission.

Miroo wrote re: NVelocity in partial trust environment?
on 09-07-2007 2:54 PM

Hi Michal

Did you solve the problem? Did you manage to find any working template engine I could use instead of nVelocity?

social bookmark link wrote re: NVelocity in partial trust environment?
on 01-18-2013 12:16 AM

doMs3O Im thankful for the blog article.Much thanks again. Fantastic.

buy viagra wrote re: NVelocity in partial trust environment?
on 02-02-2013 9:03 AM

a2o9lE Thank you ever so for you blog.Thanks Again. Fantastic.

Social bookmarks wrote re: NVelocity in partial trust environment?
on 03-23-2013 3:46 PM

5QkTtu I value the blog.Much thanks again. Cool.

awesome moldavian news wrote re: NVelocity in partial trust environment?
on 08-05-2013 1:14 AM

odfvpH Really informative post.Really looking forward to read more. Awesome.

best linkbuilding wrote re: NVelocity in partial trust environment?
on 09-30-2013 7:20 PM

QdZF3H I am so grateful for your article. Great.

link building wrote re: NVelocity in partial trust environment?
on 10-24-2013 12:31 AM

N5E5Xe I cannot thank you enough for the article.Really looking forward to read more.

cheap backlinks wrote re: NVelocity in partial trust environment?
on 07-18-2014 8:31 PM

2rUvUc Looking forward to reading more. Great blog article.Really looking forward to read more. Really Cool.

crorkz matz wrote re: NVelocity in partial trust environment?
on 08-06-2014 3:31 PM

s2smtq Fantastic article.Really looking forward to read more.

Add a Comment

(required)  
(optional)
(required)  
Remember Me?

About The CodeBetter.Com Blog Network
CodeBetter.Com FAQ

Our Mission

Advertisers should contact Brendan

Subscribe
Google Reader or Homepage

del.icio.us CodeBetter.com Latest Items
Add to My Yahoo!
Subscribe with Bloglines
Subscribe in NewsGator Online
Subscribe with myFeedster
Add to My AOL
Furl CodeBetter.com Latest Items
Subscribe in Rojo

Member Projects
DimeCasts.Net - Derik Whittaker

Friends of Devlicio.us
Red-Gate Tools For SQL and .NET

NDepend

SlickEdit
 
SmartInspect .NET Logging
NGEDIT: ViEmu and Codekana
LiteAccounting.Com
DevExpress
Fixx
NHibernate Profiler
Unfuddle
Balsamiq Mockups
Scrumy
JetBrains - ReSharper
Umbraco
NServiceBus
RavenDb
Web Sequence Diagrams
Ducksboard<-- NEW Friend!

 



Site Copyright © 2007 CodeBetter.Com
Content Copyright Individual Bloggers

 

Community Server (Commercial Edition)