Security guru Keith Brown’s A .NET Developer’s Guide to Windows Security  is on line and I’m reading parts of it in my last minute cramming for the 70-330 beta exam. Ach – I have to leave in 1 1/2 hours!

Anyway, I love stuff like this:

From the chapter on Configuring Security for a COM(+) Client (item 53):

It’s a pity that I even have to write this piece, or that it needs to be as complicated as this, but the COM Interop team, while they are content to automate the call to CoInitializeEx for you, apparently don’t feel the same about helping you with security. In fact, in a simple console or Windows Forms application, for example, nobody in the framework bothers to call CoInitializeSecurity. Didn’t anyone on these teams read [PWS]? Arrrgh!

and further on

Here’s the fun part. The normal place where you should call CoInitializeSecurity is when your program first starts up, right after your main thread calls CoInitializeEx. But the .NET Framework takes care of calling CoInitializeEx for you. It does it lazily the first time you make a COM interop call. But by the time you’ve made a COM interop call, it’s already to late to call CoInitializeSecurity! Bah!

  Sign up for my newsletter so you don't miss my conference & Pluralsight course announcements!