Virtual Internal Overrides or Overloads Overridable Friend

  • Article

You must be aware of a nuance of the type system accessibility when confirming that your code is unavailable to other assemblies. A method that is declared virtual and internal (Overloads Overridable Friend in Visual Basic) can override the parent class's vtable entry and can be used only from within the same assembly because it is internal. However, the accessibility for overriding is determined by the virtual keyword, and this can be overridden from another assembly as long as that code has access to the class itself. If the possibility of an override presents a problem, use declarative security to fix it, or remove the virtual keyword if it is not strictly required.

Note that even if a language compiler prevents these overrides with a compilation error, it is possible for code written with other compilers to override.

See Also

Secure Coding Guidelines | Security Concerns for Internal Virtual and Overloads Overridable Friend Keywords