.NET code can be sandboxed so it runs with limited permissions. These permissions are not based only on the rights of the user executing the process, but also on rights assigned to the executable, either explicitly or based on its source. For example, code run from a network share or from the Internet gets limited permissions by default.

Code access security is fairly difficult to manage successfully, and sadly the Windows culture tends to solve such problems by granting maximum permissions all round. This won't do in the Internet era; and at least .NET has a security model, unlike unmanaged code (prior to Windows XP SP2 which has some new security features).

I hope that this fature of .NET will address one of the most common complaints about Microsoft's approach to the Internet. The possibility to run an ActiveX component inside a browser is a good thing, in my opinion. It makes developing complex intranet apps much easier. Unfortunately, it leaves the back-door wide open to all kinds of mischief.

I'll be intrigued to see how Longhorn addresses the mixing of browser and code components, and whether it does it much more securely than IE.



--------------------------------------------------------------------------------------------
deadlyvices@hotmail.com
Currently writing the GuideDog editor using MSHTML in my copious free time...