Sensitive Data


If your application transmits sensitive data to and from a serviced component across a network to address the network eavesdropping threat, the data should be encrypted to ensure it remains private and unaltered. You can use transport level protection with IPSec or you can use application level protection by configuring your Enterprise Services application to use the RPC packet privacy authentication level. This encrypts each packet of data sent to and from the serviced component to provide privacy and integrity.

You can configure packet privacy authentication using the Component Services tool or by adding the following attribute to your serviced component assembly:

 [assembly: ApplicationAccessControl(                    Authentication = AuthenticationOption.Privacy)] 

For more information about using IPSec to encrypt all of the data transmitted between two computers, see "How To: Use IPSec to Provide Secure Communication Between Two Servers" in the "How To" section of "Microsoft patterns & practices Volume I, Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication " at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT00.asp .




Improving Web Application Security. Threats and Countermeasures
Improving Web Application Security: Threats and Countermeasures
ISBN: 0735618429
EAN: 2147483647
Year: 2003
Pages: 613

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net