Deciding When To Enable Partially Trusted Callers
The implicit LinkDemand for full trust that shared libraries perform by default helps provide your code a high level of protection by not allowing untrusted, potentially malicious code to call your code and exploit weaknesses. If you do not expect that your code will be called from partially trusted code, you should consider leaving the AllowPartiallyTrustedCallersAttribute Class off your shared libraries.
However, there are certain scenarios in which you might want your shared library to be called by mobile or partially trusted code. For example, enterprise applications might want to support managed controls hosted in Microsoft Internet Explorer that run from Web sites on a local intranet. The AllowPartiallyTrustedCallersAttribute attribute should be applied only after you have considered the security implications and taken the necessary precautions, including code review against the secure coding guidelines for managed code. This attribute should be applied to assemblies only if the following criteria are met:
- Partially trusted code use is important to support.
- The assemblies have been designed and built with explicit attention to security considerations to make them robust against all callers, including potentially malicious callers.
- Appropriate security testing with partially trusted code is done before releasing the code.