Security and Public Read-only Array Fields

Never use read-only public array fields from managed libraries to define the boundary behavior or security of your applications because read-only public array fields can be modified.


Some .NET framework classes include read-only public fields that contain platform-specific boundary parameters. For example, the InvalidPathChars field is an array that describes the characters that are not allowed in a file path string. Many similar fields are present throughout the .NET Framework.

The values of public read-only fields like InvalidPathChars can be modified by your code or code that shares your code’s application domain. You should not use read-only public array fields like this to define the boundary behavior of your applications. If you do, malicious code can alter the boundary definitions and use your code in unexpected ways.

In version 2.0 and later of the .NET Framework, you should use methods that return a new array instead of using public array fields. For example, instead of using the InvalidPathChars field, you should use the GetInvalidPathChars method.

Note that the .NET Framework types do not use the public fields to define boundary types internally. Instead, the .NET Framework uses separate private fields. Changing the values of these public fields does not alter the behavior of .NET Framework types.

See Also

Secure Coding Guidelines