| 摘要 |
A system and method is provided for providing security to components or assemblies (10, 20, 30, 70, 80, 90) employed by application programs (136, 232) during runtime. Assemblies (10, 20, 30, 70, 80, 90) carry version information that can be used to enforce the versioning rules described by the application program (136, 232). At runtime, version numbers requested by the application programs (136, 232) are compared with those version numbers of the assemblies (10, 20, 30, 70, 80, 90) that are actually found. In addition to comparing version numbers, the present invention offers a stricter form of version checking based on cryptographic hashes. An assembly (10, 20, 30, 70, 80, 90) is provided with module information that contains a list of files that make up the assembly (10, 20, 30, 70, 80, 90). Part of the information recorded about each module (14, 45, 50, 96, 98) is a hash of the module's content at the time the manifest was built. An assembly (70) referencing another assembly (80, 90) computes the hash of the manifest (82, 94) of the referenced assembly (80, 90). An assembly manifest (82, 94) may include dependency information, which is information about other assemblies that the assembly depends on or references. |
