Chapter 23. Creating Secure Code: What All .NET Framework Developers Need to Know

Chapter 23. Creating Secure Code: What All .NET Framework Developers Need to Know

By Rudi Martin

IN THIS CHAPTER

• Security and the Developer

• Structure of the .NET Framework Security System

• Limitations of the .NET Framework Security System

So far, we have dealt with the .NET Framework security system primarily from an abstract, conceptual level or from the point of view of an administrator. The following chapters (23 through 26) focus on a developer-oriented approach. This encompasses the entire development life cycle: from initial architecture and design to implementation, testing, and maintenance.

We'll discuss the mechanics of designing and writing your own secure code: common strategies, pitfalls, and trade-offs. Where appropriate, we'll discuss details of the .NET Framework's own security design and implementation.

This chapter will concern itself principally with describing what exactly we mean by security and defining the bounds of the .NET Framework security system. You will gain insight into the following topics:

• What constitutes "secure" code

• How security enforcement is split between the .NET Framework and the operating system

• What the .NET Framework security system can and cannot do to protect your applications