CurrentCulture and SecurityException

Question

We write some winForms GUI application that uses the Invariant Culture. So in the beginning of the Main we have:

    [STAThread]
    static void Main()
    {
        CultureInfo culture = CultureInfo.InvariantCulture;
        System.Threading.Thread.CurrentThread.CurrentCulture = culture;
        ... 

The problem is that on some machines it works perfectly but on some machines on some configurations ( like Debug/AnyCPU fro x64 machines) it raises SequrityException

Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

So what is the problem with it? And why it happens only on some conditions?

Answer 1

Another post mentions security issues when using the invariant culture. Perhaps this is your issue?

Using the InvariantCulture Property

The InvariantCulture property represents neither a neutral nor a

specific culture. It represents a third type of culture that is culture-insensitive. It is associated with the English language but not with a country or region. Your applications can use this property with almost any method in the System.Globalization namespace that requires a culture. However, an application should use the invariant culture only for processes that require culture-independent results, such as formatting and parsing data that is persisted to a file. In other cases, it produces results that might be linguistically incorrect or culturally inappropriate.

Security Considerations If a security decision will be made based

on the result of a string comparison or case change, your application should use an ordinal comparison that ignores case instead of using InvariantCulture. The default implementations of methods such as Compare()()() and ToUpper use the CurrentCulture property. Code that performs culture-sensitive string operations can cause security vulnerabilities if CurrentCulture is changed or if the culture on the computer running the code differs from the culture used to test the code. The behavior that you expect when writing a string operation differs from the actual behavior of your code on the executing computer. In contrast, an ordinal comparison depends solely on the binary value of the compared characters.

String Operations If your application needs to perform a

culture-sensitive string operation that is not affected by the value of CurrentCulture, it should use a method that accepts a CultureInfo parameter. The application should specify the value of the InvariantCulture property for this parameter. The application should use the property with methods such as Compare()()() and ToUpper to eliminate cultural variations and ensure consistent results. For more information about using the InvariantCulture property to perform culture-insensitive string operations, see Culture-Insensitive String Operations.

Persisting Data The InvariantCulture property is useful for

storing data that will not be displayed directly to users. Storing data in a culture-independent format guarantees a known format that does not change. When users from different cultures access the data, it can be formatted appropriately based on specific user. For example, if your application stores DateTime types in a text file, formatted for the invariant culture, the application should use the InvariantCulture property when calling ToString to store the strings and the Parse method to retrieve the strings. This technique ensures that the underlying values of the DateTime types do not change when the data is read or written by users from different cultures.