Programming .NET security /

Bibliographic Details
Author / Creator:Freeman, Adam.
Imprint:Sebastopol, CA ; Farnham : O'Reilly, 2003.
Description:1 online resource (xviii, 693 pages) : illustrations
Language:English
Subject:
Format: E-Resource Book
URL for this record:http://pi.lib.uchicago.edu/1001/cat/bib/13590308
Hidden Bibliographic Details
Other authors / contributors:Jones, Allen.
ISBN:9780596516536
0596516533
9780596552275
0596552270
0596004427
9780596004422
Digital file characteristics:text file
Notes:"Writing secure applications using C♯ or Visual Basic .NET"--Cover
Includes index.
Includes bibliographical references and index.
Electronic reproduction. [Place of publication not identified] : HathiTrust Digital Library, 2010.
Master and use copy. Digital master created according to Benchmark for Faithful Digital Reproductions of Monographs and Serials, Version 1. Digital Library Federation, December 2002. http://purl.oclc.org/DLF/benchrepro0212
English.
digitized 2010 HathiTrust Digital Library committed to preserve
Print version record.
Summary:With the spread of web-enabled desktop clients and web-server based applications, developers can no longer afford to treat security as an afterthought. It's one topic, in fact, that .NET forces you to address, since Microsoft has placed security-related features at the core of the .NET Framework. Yet, because a developer's carelessness or lack of experience can still allow a program to be used in an unintended way, Programming .NET Security shows you how the various tools will help you write secure applications. The book works as both a comprehensive tutorial and reference to security issues for .NET application development, and contains numerous practical examples in both the C♯ and VB.NET languages. With Programming .NET Security, you will learn to apply sound security principles to your application designs, and to understand the concepts of identity, authentication and authorization and how they apply to .NET security. This guide also teaches you to:
  • use the .NET run-time security features and .NET security namespaces and types to implement best practices in your applications, including evidence, permissions, code identity and security policy, and role-based and Code Access Security (CAS)
  • use the .NET cryptographic APIs, from hashing and common encryption algorithms to digital signatures and cryptographic keys, to protect your data
  • use COM+ component services in a secure manner
If you program with ASP.NET, you will also learn how to apply security to your applications. And the book also shows you how to use the Windows Event Log Service to audit Windows security violations that may be a threat to your solution. Authors Adam Freeman and Allen Jones, early .NET adopters and long-time proponents of an "end-to-end" security model, based this book on their years of experience in applying security policies and developing products for NASDAQ, Sun Microsystems, Netscape, Microsoft, and others.
With the .NET platform placing security at center stage, the better informed you are, the more secure your project will be.
Other form:Print version: Freeman, Adam. Programming .NET security. Sebastopol, CA ; Farnham : O'Reilly, 2003 0596004427
Standard no.:0596004427
Table of Contents:
  • Programming .NET Security; Part II: .NET Security; Part III: .NET Cryptography; Part IV: .NET Applications Frameworks; Part V: API Quick Reference; Who Should Read This Book; Assumptions This Book Makes; Conventions Used in This Book; How to Contact Us; I. Fundamentals; 1.2. Roles in Security; 1.2.2. The Architect; 1.2.3. The Programmer; 1.2.4. The Security Tester; 1.2.5. The System Administrator; 1.2.6. The User; 1.2.7. The Hacker/Cracker; 1.3. Understanding Software Security; 1.3.2. Trust; 1.3.3. Secrets; 1.3.3.2. Protecting secrets; 1.4. End-to-End Security; 1.4.2. Side Channels
  • 1.4.3. Physical Security; 1.4.4. Third-Party Software; 2. Assemblies; 2.2. Creating Assemblies; 2.2.2. Creating a Multifile Assembly; 2.3. Shared Assemblies; 2.4. Strong Names; 2.4.2. Creating an Assembly Strong Name; 2.4.2.2. Specifying the key pair; 2.4.2.3. Creating the strong name; 2.4.2.4. Creating a strong name for a multifile assembly; 2.4.3. Delayed Signing; 2.4.4. Verifying a Strong Name; 2.5. Publisher Certificates; 2.6. Decompiling Explained; 2.6.2. Protecting Against Decompilation; 2.6.2.2. Native compilation; 3. Application Domains; 3.1.2. Application Domain and Assembly Management
  • 3.1.3. Assembly Isolation with Application Domains; 3.1.4. Application Domains and Runtime Security; 3.1.4.2. Application domain evidence and identity; 3.1.4.3. Application domains and security policy; 3.1.4.4. Role-based security; 3.1.4.5. Application domains and isolated storage; 3.1.5. Application Domains and Application Configuration; 4. The Lifetime of a Secure Application; 4.1.2. Identifying Trust; 4.1.3. Identifying Secrets; 4.1.4. Failing Gracefully; 4.2. Developing a Secure .NET Application; 4.3. Security Testing a .NET Application; 4.4. Deploying a .NET Application
  • 4.5. Executing a .NET Application; 4.6. Monitoring a .NET Application; II. .NET Security; 5.2. Introducing Role-Based Security; 5.3. Introducing Code-Access Security; 5.3.2. Windows Security and Code-Access Security; 5.4. Introducing Isolated Storage; 6. Evidence and Code Identity; 6.1.1.2. Assembly evidence; 6.2. Programming Evidence; 6.2.2. Using the Evidence Class; 6.2.3. Using the Standard Evidence Classes; 6.2.3.2. The Hash class; 6.2.3.3. The Publisher class; 6.2.3.4. The Site class; 6.2.3.5. The StrongName class; 6.2.3.6. The Url class; 6.2.3.7. The Zone class; 6.2.4. Viewing Evidence
  • 6.2.5. Assigning Evidence to Assemblies; 6.2.6. Assigning Evidence to Application Domains; 6.3. Extending the .NET Framework; 6.3.1.2. Using the SecurityElement Class; 6.3.1.3. Building the Author evidence class; 6.3.2. Using Custom Evidence; 6.3.2.2. Serializing evidence; 6.3.2.3. Embedding evidence in an assembly; 6.3.3. The Next Steps in Customization; 7. Permissions; 7.1.2. Requesting Permissions; 7.1.3. Permission Types; 7.1.3.2. Identity permissions; 7.1.4. Enforcing Code-Access Security; 7.2. Programming Code-Access Security; 7.2.1.2. Declarative security statements