This weekend I watched another Software legends CD show. These mini CD's were handed out on the PDC and on a DotNed meeting. They all contain an interview and/or a presentation. Chris Sells's one starts with an interview by Don Box on pre-asmx services over the web. Followed by a full presentation by Chris on Winforms in the webbrowser. It is not a very recent one so no talk on ClickOnce and a great part of the presentation is on code access security in .NET. Quite interesting and brought very well. The title of this post is a highlight of this.
When downloading code the .NET platforms checks the source of the code. Like the local machine, the intranet and the internet. Every source has its own permission sets. The interesting point is how .net distinguishes the inter- from the intra- net. The only criterium is whethet there is a . in the domain-name. So this is the intranet http://localhost// and http://MyServer/. But http://127.0.0.1/ , which is a loopback to your local machine, is considered the internet to .net security. Because there is a dot in the domain.