TypeFilterLevel 枚举

定义

指定用于 .NET Framework 远程处理的自动反序列化的级别。Specifies the level of automatic deserialization for .NET Framework remoting.

public enum class TypeFilterLevel
[System.Runtime.InteropServices.ComVisible(true)]
public enum TypeFilterLevel
type TypeFilterLevel = 
Public Enum TypeFilterLevel
继承
TypeFilterLevel
属性

字段

Full 3

.NET Framework 远程处理的 Full (完全)反序列化级别。The full deserialization level for .NET Framework remoting. 它支持远程处理在所有情况下支持的所有类型。It supports all types that remoting supports in all situations.

Low 2

.NET Framework 远程处理的 Low (低)反序列化级别。The low deserialization level for .NET Framework remoting. 它支持与基本远程处理功能相关联的类型。It supports types associated with basic remoting functionality.

注解

.NET Framework 远程处理提供了两个级别的自动反序列化: 低和完全。.NET Framework remoting provides two levels of automatic deserialization, Low and Full. 低反序列化级别仅对与最基本的远程处理功能关联的类型进行反序列化, 从而有助于防范反序列化攻击。The Low deserialization level helps protect against deserialization attacks by deserializing only the types associated with the most basic remoting functionality. 完全反序列化级别支持远程处理在所有情况下都支持的所有类型的自动反序列化。The Full deserialization level supports automatic deserialization of all types that remoting supports in all situations. 有关低和完全支持的 .NET Framework 远程处理类型的列表, 请参阅.NET Framework 远程处理中的自动反序列化For a list of the .NET Framework remoting types that Low and Full support, see Automatic Deserialization in .NET Framework Remoting.

可以通过编程方式或使用应用程序配置文件来设置此枚举的成员。You can set the members of this enumeration programmatically or by using an application configuration file. 有关示例, 请参阅.NET Framework 远程处理中的自动反序列化For examples, see Automatic Deserialization in .NET Framework Remoting.

注意

请不要认为控制反序列化是应用程序所需的唯一安全机制。Do not assume that controlling deserialization is the only security your application requires. 在分布式应用程序中, 即使是对序列化的高度控制, 也可能不会阻止恶意客户端拦截通信, 并以某种方式使用它, 即使只是向其他人显示数据也是如此。In distributed applications, even a high degree of control over serialization might not prevent malicious clients from intercepting the communication and using it in some way, even if that is merely showing data to others. 因此, 虽然低反序列化级别为基于自动反序列化的特定类型的攻击提供了一些保护, 但你仍必须评估是否使用身份验证和加密来帮助保护你的数据.Therefore, although the Low deserialization level provides some protection against certain types of attack based upon automatic deserialization, you must still evaluate whether to use authentication and encryption to help protect the confidentiality of your data.

适用于

另请参阅