SuppressUnmanagedCodeSecurity on DllImports

Jan 26, 2010 at 11:10 AM

Hi there,

Does anyone see a problem with giving all the DllImports in ExcelDNA a [SuppressUnmanagedCodeSecurity]?

Just checking there are no good reasons why they were omitted in the first place

Jan 26, 2010 at 11:53 AM

Hi - I've actually had a version with this added, but I think the problem we had was solved in some other way.

Adding this attribute is supposed to be a performance optimization, where MSDN warns:

"Use this attribute with extreme care. Incorrect use can create security weaknesses." and elsewhere "...the performance gains come with significant security risks."

I just don't understand the .Net security stuff well enough to know if it really would be an issue in our case. Is there a particular reason why you think it should be added - either for performance reasons or some usage scenario? Are there good reasons to add it? Are you comfortable that we are not causing a security issue by adding it?



Jan 26, 2010 at 2:00 PM

I think so, yes

I'm not a code security expert either, but afaict the DllImports only expose stuff that is already accessible via other legitimate public routes anyway.