for RuBoard |
By Rudi Martin
IN THIS CHAPTER
Security and the Developer
Structure of the .NET Framework Security System
Limitations of the .NET Framework Security System
So far, we have dealt with the .NET Framework security system primarily from an abstract, conceptual level or from the point of view of an administrator. The following chapters (23 through 26) focus on a developer-oriented approach. This encompasses the entire development life cycle: from initial architecture and design to implementation, testing, and maintenance.
We'll discuss the mechanics of designing and writing your own secure code: common strategies, pitfalls, and trade-offs. Where appropriate, we'll discuss details of the .NET Framework's own security design and implementation.
This chapter will concern itself principally with describing what exactly we mean by security and defining the bounds of the .NET Framework security system. You will gain insight into the following topics:
What constitutes "secure" code
How security enforcement is split between the .NET Framework and the operating system
What the .NET Framework security system can and cannot do to protect your applications
for RuBoard |