Цитата:
Microsoft Dynamics AX code access security allows developers to protect dangerous APIs from being invoked by untrusted code (code that does not originate from the Application Object Tree (AOT)). Code access security does this by performing the following actions:
1. It verifies that the code asserted the appropriate permission on the call stack to use the dangerous API.
2. It verifies that the assert (the request to use the dangerous API) was executed in trusted code and saved in the AOT.
3. It verifies that the assert was executed on the same tier as the dangerous API.
For Dynamics AX version 4.0, code access security covers the use of dangerous APIs on the server tier only. You do not need to modify or mitigate client-only invocations of dangerous APIs.
см. также
http://msdn.microsoft.com/en-us/library/930b76w0.aspx - ноги растут оттуда
Цитата:
To help protect computer systems from malicious mobile code, to allow code from unknown origins to run with protection, and to help prevent trusted code from intentionally or accidentally compromising security, the .NET Framework provides a security mechanism called code access security. Code access security allows code to be trusted to varying degrees depending on where the code originates and on other aspects of the code's identity. Code access security also enforces the varying levels of trust on code, which minimizes the amount of code that must be fully trusted in order to run. Using code access security can reduce the likelihood that your code can be misused by malicious or error-filled code. It can reduce your liability because you can specify the set of operations your code should be allowed to perform as well as the operations your code should never be allowed to perform. Code access security can also help minimize the damage that can result from security vulnerabilities in your code.