Synopses & Reviews
When you use .NET to create client-and server-side applications, you have to address a new and large set of security issues. .NET SecurityA shows you what you need to know by covering the different aspects of the .NET security model through detailed discussions about the key namespaces. The authors not only demonstrate how to write .NET code that can create secure systems within the .NET Framework, but also discuss ways that someone may try to break the security model in .NET, and how .NET prevents such intrusions. A.NET SecurityA is a tutorial about how to use the .NET security and cryptographic classes as well as a reference for any developer who wants to understand how security is implemented in the .NET Framework. The .NET Framework requires understanding in many new areas such as managed code, permissions, and evidence--and this book covers them all. About the Authors: Jason Bock is consultant and instructor for Intertech-Inc. (a company devoted to delivering hands-on workshops for enterprise web developers and whose focus is the professional JavaA, XML, and .NET enterprise developer). He has worked on a number of business applications using a diverse set of substrates and languages such as C#, .NET, and Java. He is also the author of ACIL Programming: Under the Hood of .NETA by Apress and AVisual Basic 6 Win32 API TutorialA, and has written numerous articles on technical development issues associated with both VB and Java. Jason holds both a B.A. and a Masters degree in Electrical Engineering from Marquette University. You can find out more about him at http: //www.jasonbock.net Pete Stromquist is a consultant at Magenic Technologies (one of the nation's premiere Microsoft Gold Certified Partners), specializing in Web-enabled application development using Microsoft tools and technologies. He has spent the last several years architecting and developing the following types of applications: Intranet content management, Web-enabled training and testing software, B2B and B2C e-commerce, and Web-based telemetry and logistics. Pete has complimented his VB skills with several other technologies such as: XML, XSL, COM+, IIS, ASP, and, of course, .NET. He also enjoys teaching and presenting on .NET technologies. Pete has a Mechanical Engineering background, receiving his Bachelor of Science from the University of Minnesota. Tom Fischer's career spans a broad range of technologies with some of the most prestigious consulting firms in the Twin Cities. His certifications include the Sun Certified Java Programmer (SCJP), Microsoft Certified Solution Developer (MCSD), and Microsoft Certified Database Administrator (MCDBA). And as a Microsoft Certified Teacher (MCT), Tom also helps teach other developers about the latest Microsoft .NET tools and technologies. Nathan Smith is a consultant with Spherion in Scottsdale, AZ. He holds almost every Microsoft acronym possible (all but MCT) and specializes in the development of and conversion to Web enabled applications. Prior to the first beta release of C#, he focused primarily on Visual Basic development which he's been involved with for approximately six years.
When you use .NET to create client-and server-side applications, you have to address a new and large set of security issues. .NET Security shows you what you need to know by covering different aspects of the .NET security model through detailed discussions about the key namespaces. The authors demonstrate how to write .NET code to create secure systems within the .NET Framework. They also discuss possible break-ins to the security model in .NETand how .NET prevents such intrusions.
This tutorial explains how to use the .NET security and cryptographic classes, and functions as a reference manual for developers seeking to understand security implementation in the .NET Framework. Additionally, the .NET Framework requires understanding in many new areas like managed code, permissions, and evidenceall of which this dynamic book covers. Table of Contents The Basics of Cryptography and Security Using the .NET Cryptography Classes XML Encryption and Signatures Code Access Security Role Access Security Remoting and Security ASP.NET Web Application Security Passport Protecting Code
"We just lost all of our JPEGs on our Web server, and . . . um . . . we don't have a backup. " ': Attention If you have received an e-mail from Bob, do not open it. " "Could you look at this auachment? I think it's a virus . . . . " VIRUSES. MALICIOUS E-MAIL ATTACHMENTS. Denial of service attacks. You can probably think of a number of other incidents that have happened to either you or a friend of yours on the job where a piece of unwanted code wreaked havoc on unsus pecting users. We've seen our share at the places we've worked at. In fact, all three of the quotes are from our jobs. The first incident happened when an employee opened an e-mail that contained a virus. Since he had the Web server mapped as a network drive, the images located on the server were destroyed. The second occurred when a consultant had the e-mail preview option on in Outlook and a virus was accidentally started. The company panicked, and ended up broad casting a warning message over the intercom system. The last one happened when someone within the company triggered a virus, and management wanted one of us (Jason) to examine the attachment, as it looked like VBScript. They were hoping that they'd have a chance at understanding what kind of damage was being done to their systems. We'd all like code to do what we want it to do."
As .NET becomes the standard way to create Windows applications, a whole new set of issues and questions have already been raised about security and the .NET framework. .NET Security addresses those issues by covering the different aspects of the .NET security model. .NET Security is designed to be a reference for any developer who wants to understand the security aspects of the .NET framework. There are many new concepts that the framework brings to light, such as managed code, permissions, and evidence. Jason Bock demonstrates to the reader how to write .NET code such that the developer can create secure systems with the .NET framework. Bock also discusses ways that someone may try to break the security model in .NET, and how .NET prevents such intrusions.
Table of Contents
1. Introduction.- 2. Cryptography Classes.- 3. Protocols.- 4. Permissions and Evidence.- 5. Principles and Roles.- 6. Remoting and Remote Code.- 7. Managed, Safe, and Signed Code.- 8. Code Breaking.- 9. Windows Integration.- 10. .NET Security Tools.