如果我使用 AppDomain.CurrentDomain.GetAssemblies().GetTypes(),有人能够执行代码注入攻击吗?

Would somebody be able to execute a code injection attack if I use AppDomain.CurrentDomain.GetAssemblies().GetTypes()?

如果我在我的 asp.net 应用程序中使用这行代码:

AppDomain.CurrentDomain.GetAssemblies().GetTypes()

Msdn GetAssemblies()

如果有人将 dll 放到我的 bin 文件夹中,他们是否能够创建代码注入攻击?此代码是否动态加载程序集,这将允许代码 运行 其静态构造函数?还是我的想法不对?

Would someone be able to create a code injection attack if they drop a dll in my bin folder?

也许吧,取决于你的程序做什么。

Doesn't this code dynamically load the assembly, which would allow the code to run its static constructor?

绝对不是。 GetAssemblies():

Gets the assemblies that have been loaded into the execution context of this application domain.

它不会动态加载程序集,只是因为它在文件夹中。

如果您担心自己的程序集,那么您可能应该阅读 Why use strong named assemblies?