Build Failed - assembly needs to be signed with a strong nam

maitpg1maitpg1 Posts: 4
edited June 18, 2010 9:49AM in SmartAssembly 5
Why does v5 require a strong name to enable 'resource compression and encryption', 'error reporting', or 'string compression and encryption'? This was not a requirement in v4.2.
I can't give my assembly a strong name because it uses references that I don't own and can't assign strong names to.
· Share on Twitter

Comments

  • maitpg1maitpg1 Posts: 4
    The message below was the response I received from Red Gate support:
    I am currently discussing with the developers about the change to having strong name signed assemblies for certain protections as it is very over-restrictive (there are plenty of situations where you can not strong name sign an assembly because of trust setting which could prevent you loading dependencies). The change was added to improve security as one of the developers working in a different part of Red Gate came up with a potential attack vector on the protection methods that used compression. As all a potential hacker could do was get at the uncompressed, but still fully encrypted data, it was not a major issue but one that needed to fixed. Hopefully we should be able to provide a better way of protection if you aren't able to strong name signing.

    Darn developers... always think they know what's best. :wink:
    · Share on Twitter
  • Alex DAlex D Posts: 384
    We've worked around this by only doing the check for the attack when you choose to sign your assembly. Get in touch with support if you need a fixed build before we release it.

    Cheers,
    Alex
    Developer,
    Red Gate .NET Tools
    · Share on Twitter
Sign In or Register to comment.