Security and Productivity: You may only choose one

Wednesday, August 06 2008

Between moving things for my mom, moving things into storage from my apartment (*whew!* I can finally walk around this place again!), and getting "Texan-ized" (vehicle inspection and registration and driver's license), I've been twiddling with NHibernate and the ADO.NET Entity Framework.  I've decided to write a paper that compares and contrasts the two, just to help people understand the two approaches to ORM mappings (I'll publish that once it's baked). 

As part of my exploration of NHibernate, I decided to rebuild it to work with .NET 3.5 (and I'm toying with the notion of removing the Iesi.Collections dependency and replacing them with HashSet operations, but that's a big project).  I downloaded the recent source and kicked off NAnt, only to see it quickly come to a halt during an assembly signing operation.  It appears this was an obtuse problem that had nothing to do with the source code, but rather the MachineKeys directory buried deep in the directory hierarchy of the "All Users" directory. 

The remedy was written up here by Aaron Zupanic almost 3 years ago (thank you, Google!).  The apparent culprit: Administrative permission conflicts.  What made it so frustrating is that it took me a fair amount of time to isolate the issue.  Admittedly, I'm still scratching my head over whether this was an example of my .NET knowledge getting rusty, or that I got "lucky" and hit one of those rare, but annoying, security glitches.  Even worse, I'm left with a nagging sensation about whether Aaron's advice made sense from a security perspective.  Because let's be honest, "Give full control to everybody in the MachineKeys directory" makes my spidey sense tingle.  On the other hand, it worked.  I've seen similar guidance in the MSDN forums as well, but it still nags at me.  Maybe Stephen Strychak will chime in about this :-)

For now though, I'm going to go read the "CLR via C#" book and brush up on the security stuff.