Chapter 22
Security is extremely important. Placing a Web server on the Internet means that millions of people might have access to that server. Sensitive information must be protected from those who do not have the right to view it, yet it must still be made readily available for others. This is a fundamental challenge of Web server administration for those who deploy Internet applications, as well as those who manage intranet and extranet servers.
Consider, for example, a corporate Human Resources application. All employees probably have the right to view their own information and request changes. A much smaller number of employees, such as those in the Human Resources department, might need to view all employee information. An even smaller group will be able to change an employee's benefits based on an employee request or another circumstance, such as a promotion. Another small group will be able to modify the application itself. In many cases, only the Web administrator has the right to create a new application.
Fortunately, several general mechanisms are available to address these and other security needs: access control, user authentication, and encryption. These mechanisms include but are not limited to
The best way to implement security and make a site acceptably secure is to address each of these items in turn. The combination of these items yields a secure site that can deter all but the most determined hackers. It's always a trade-off, of course—the amount of time invested in applying security measures should be proportional to the sensitivity of your data. You'll also find that once you master these principles on one project, you can leverage your knowledge on future projects.
You should always keep security in the back of your mind as you develop Microsoft Visual InterDev applications—especially those that go out over the Internet to reach your customers and business partners.