.NET Framework 3.5 SP1: No More Need for CasPol on Network Shares

http://www.infoq.com/news/2008/08/.NET-3.5-SP1-Runs-Managed-Code

In the past, one could not run managed code from network shares for security reasons. That feature was introduced in .NET from the beginning to prevent security attacks coming from network locations. The feature did not resolve the respective security threats because unmanaged code was always allowed to run in such a circumstance.

A poll organized by Brad Abrams, Program Manager at Microsoft, shows that many people would like to have the possibility to run managed code from network shares. Microsoft responded to the general request by enabling the feature in .NET 3.5 SP1.

Dru pointed this out to me and some others today. I am not sure where I stand on this one yet (because I am compulsive about security). Looking at why they did it, it makes sense (from a consistency standpoint). If you are running something from a network share you are inside your network. Usually if you are running something on the network, it is because you want to run it. And if you can get to it, you can give yourself permissions to do it (provided you have the right privileges).

What happens when you don’t want to allow other people in your network the ability to run something (and you basically have not given them the privileges to run CasPol)? Hmmmm...

I guess that is where the application has its security and security checks (which is a good practice and what you would have to do with unmanaged code).

I am kind of on the fence with the change because I am used to CasPol and limiting and controlling permissions.

What are your thoughts?

Posted @ Tuesday, August 19, 2008 10:22 PM
