0

When declaring an assembly as friend with [assembly: InternalsVisibleTo("MyFriend")], I have to use the name MyFriend for the other assembly to get access to the internal classes/methodes.

Now I am confused. How is this an lower access than declaring the methods as public? Because I just have to name any assembly MyFriend to get access.

What I am getting wrong?

Jens Björnhager
  • 5,632
  • 3
  • 27
  • 47
John Threepwood
  • 15,593
  • 27
  • 93
  • 149
  • 1
    Because only the assembly named "MyFriend" gets access, not *any* assembly with any name. – Robert Harvey Sep 09 '13 at 21:29
  • 1
    There are lots of ways to access internal memebers if you want to screw around with the framework. You can use Reflection, dynamics writing out IL. The InternalsVisibleTo is meant for general purposes. – Yuriy Faktorovich Sep 09 '13 at 21:30
  • @RobertHarvey Okay, that is right. But this mechanism does not provide a strong restriction because everyone can just name his/her assembly that way to gain access? So what is the point declaring a friend assembly? – John Threepwood Sep 09 '13 at 21:32
  • 1
    @John you can include a public key signature in InternalsVisibleTo, which solves that - but: this is not a security feature. Most apps run in full trust, so anyone can access private state (via reflection etc). – Marc Gravell Sep 09 '13 at 21:33
  • [Relevent post](http://stackoverflow.com/questions/1055382/sgen-internalsvisibleto-and-assembly-signing) – Cemafor Sep 09 '13 at 21:33

1 Answers1

1

If using strong names for your assemblies then you will also need to give the Public key of the assembly allowed to access internals. This it is much better in your case since it doesn't rely only on the name. See : http://msdn.microsoft.com/fr-fr/library/bb385840(v=vs.90).aspx

However people will still be able to access restricted things using Reflection.

Fabien
  • 1,015
  • 2
  • 11
  • 22