TypeFilterLevel TypeFilterLevel TypeFilterLevel TypeFilterLevel Enum

定義

指定 .NET Framework Remoting 之自動還原序列化 (Deserialization) 的層級。Specifies the level of automatic deserialization for .NET Framework remoting.

public enum class TypeFilterLevel
[System.Runtime.InteropServices.ComVisible(true)]
public enum TypeFilterLevel
type TypeFilterLevel = 
Public Enum TypeFilterLevel
繼承
TypeFilterLevelTypeFilterLevelTypeFilterLevelTypeFilterLevel
屬性

欄位

Full Full Full Full 3

.NET Framework Remoting 的完整還原序列化層級。The full deserialization level for .NET Framework remoting. 在所有情況下它都支援遠端處理所支援的所有類型。It supports all types that remoting supports in all situations.

Low Low Low Low 2

.NET Framework Remoting 的低還原序列化層級。The low deserialization level for .NET Framework remoting. 它支援與基本遠端處理功能關聯的類型。It supports types associated with basic remoting functionality.

備註

.NET Framework 遠端處理提供兩種層級的自動還原序列化, 也就是 Low 和 Full。.NET Framework remoting provides two levels of automatic deserialization, Low and Full. 「低還原序列化」層級可透過僅還原與最基本的遠端功能相關聯的類型, 協助防止還原序列化的攻擊。The Low deserialization level helps protect against deserialization attacks by deserializing only the types associated with the most basic remoting functionality. 完整還原序列化層級支援在所有情況下自動還原序列化遠端支援的所有類型。The Full deserialization level supports automatic deserialization of all types that remoting supports in all situations. 如需低和完整支援的 .NET Framework 遠端處理類型清單, 請參閱.NET Framework 遠端處理中的自動還原序列化。For a list of the .NET Framework remoting types that Low and Full support, see Automatic Deserialization in .NET Framework Remoting.

您可以用程式設計方式或使用應用程式佈建檔來設定這個列舉的成員。You can set the members of this enumeration programmatically or by using an application configuration file. 如需範例, 請參閱.NET Framework 遠端處理中的自動還原序列化。For examples, see Automatic Deserialization in .NET Framework Remoting.

警告

請不要假設控制還原序列化是您應用程式所需的唯一安全性。Do not assume that controlling deserialization is the only security your application requires. 在分散式應用程式中, 即使對序列化的高度控制也可能無法防止惡意用戶端攔截通訊, 並以某種方式使用它, 即使只是向其他人顯示資料也一樣。In distributed applications, even a high degree of control over serialization might not prevent malicious clients from intercepting the communication and using it in some way, even if that is merely showing data to others. 因此, 雖然低還原序列化層級會根據自動還原序列化, 針對特定類型的攻擊提供一些保護, 但您仍然必須評估是否要使用驗證和加密來協助保護您的data.Therefore, although the Low deserialization level provides some protection against certain types of attack based upon automatic deserialization, you must still evaluate whether to use authentication and encryption to help protect the confidentiality of your data.

適用於

另請參閱