Security is a hot topic these days. It is as if developers and system designers are fighting a never-ending war against those who desire to damage hardware, compromise system availability, steal data, and tarnish hard-earned client trust. And as if malicious threats weren't enough, we must also protect ourselves from damages inflicted by accidental removal or modification of data.
CLR Inside Out: Using Strong Name Signatures (Mike Downen). Strong name signatures (and signing in general) are a key facet of Microsoft® .NET Framework security. But regardless of how well designed .NET signatures may be, they won’t offer the maximum benefit if you don’t know how to use them properly.
Building a Single Sign On Provider Using ASP.NET and WCF: Part 4. This is the fourth and final article in a four part series on building a single sign on (SSO) provider using the ASP.NET platform. Make sure to check out part 1, part 2 and part 3.
Update: Since the Release Candidate of ASP.NET MVC, these anti-forgery helpers have been promoted to be included in the core ASP.NET MVC package (and not in the Futures assembly). Cross-site scripting (XSS) is widely regarded as the number one security issue on the web. But since XSS gets all the limelight, few developers pay much attention to another form of attack that’s equally destructive and potentially far easier to exploit.
Hard coding passwords into your application or your web site is a bad thing. Microsoft SQL has the ability to use "trusted connections" to authenticate your database connection against your login name, so no passwords are ever sent to SQL Server, just your login name and an authentication token. But once you come to use this feature in ASP.NET you run into problems, because of how ASP.NET works and the user it runs as. In a default configuration ASP.NET runs as (or rather, in the context of) the ASPNET user on the local machine.
I am a big fan of checklists. In any relatively complex system that has to be delivered under a time crunch, like, say, Web Services, the checklist can save your bacon. If you hired me to work on your project I would use this Web Services Security Checklist to verify standards, mechanisms, and implementation throughout the SDL. My partner Pat Christiansen likes to say that architecture artifacts are for communication as much as for engineering. A checklist is a simple artifact that helps ensure consistency throughout architecture, threat modeling, security design requirements, and building security implementation. It is easily understood. The Web Services Security Checklist I use has a list of security architecture concerns and then those are mapped across each interaction point so you can specify the Service Requester and Service Provider responsibilities at each point in the system.