In today's world, security is a very serious issue, one that developers all too often view as being SEP -- someone else's problem. I'd ascribe this state of affairs to, among other things, the fact that security very often deals with specific, rather rarified skills like cryptography that many of us on the technology treadmill don't have the time to adequately absorb in between learning all the new tricks offered by the slick new version of our chosen development platform. For .Net developers, there's .Net Security, a surprisingly small and concise book from Apress on securing applications written for the .Net platform.
|
Beginning with chapter 4, .Net Security switches gears, beginning to concentrate more on security mechanisms than on cryptography. Chapters 4 and 5 respectively cover the built-in code access and role access security features of the .Net framework that provide a permission-and-request model for securing access to a system and its resources. Remote security is introduced in chapter 6, which begins with a brief overview of .Net's remoting capabilities and wraps up with discussions of authentication, authorization, and impersonation. Chapter 7 briefly deals with ASP.Net security. It provides some of the information you'll need to secure Web applications running on IIS. You'll want to look elsewhere for a comprehensive ASP.Net security guide, though, as the information relayed here is rather broad and general. However, this is understandable as doing justice to a topic as complex as security under ASP.Net would really require an entire book. Chapter 8 discusses Passport, which will certainly be of interest to Web and Web service developers. The book concludes with a short discussion of code obfuscation and tips on preventing decompilation of your assemblies in chapter 9. A great introduction
I liked this book, though it's not without its share of problems. For one thing, there are some minor problems with the source code examples. There are simple misspellings that are easy to figure out, but they do tend to make the cryptographic examples, in particular, rather cryptic, if you'll pardon the pun. For another, some of the source code examples don't seem to have enough detail to be clear. I found myself rereading entire sections to figure out why a few of the examples worked the way they did. Granted, I'm no security or cryptography expert, but shouldn't the measure of an introductory book be how clear it makes things for a novice? Viewed in this light, there could be some improvements made. In contrast, the conceptual examples are quite clear. I particularly enjoyed the discussion of the security problems with COM interfaces that was used as a lead-in to code access security in chapter 4. I'm not sure which of the four authors was responsible for the humor, but whoever it was should be lauded for lightening up what could otherwise have been an obscenely dull read. Overall, .Net Security is not the authoritative book on all aspects of .Net security, but the blurbs on the back cover really don't promote it as such. What it is, however, is a nicely crafted introductory guide to many of the tools and concepts you'll need to understand to take advantage of .Net's new security features.
For a weekly round-up of the enterprise IT news, sign up for the
Enterpise newsletter. Find out what's where in the new Tech Update with our
Guided Tour. Tell us what you think in the
Enterprise Mailroom.
Enterpise newsletter. Find out what's where in the new Tech Update with our
Guided Tour. Tell us what you think in the
Enterprise Mailroom.
