Chapter 22 -- Adding Security

Chapter 22

Security is extremely important. Placing a Web server on the Internet means that millions of people might have access to that server. Sensitive information must be protected from those who do not have the right to view it, yet it must still be made readily available for others. This is a fundamental challenge of Web server administration for those who deploy Internet applications, as well as those who manage intranet and extranet servers.

Consider, for example, a corporate Human Resources application. All employees probably have the right to view their own information and request changes. A much smaller number of employees, such as the Human Resources department, might need to view all employee information. An even smaller group will be able to change an employee's benefits based on an employee request or other circumstance such as a promotion. Another small group will be able to modify the application itself. In many cases, only the Web administrator has the right to create a new application.

Fortunately, several general mechanisms are available to address these and other security needs: access control, user authentication, and encryption. These mechanisms include, but are not limited to:

  • IP Filtering
  • Microsoft Windows NT User Access Rights
  • Microsoft FrontPage Server Extensions Permissions
  • NTFS Permissions
  • Secure Sockets Layer (SSL)
  • Client Certificates
  • Database Security

The best way to implement security and make a site acceptably secure is to address each of these items in turn. The combination of these items yields a secure site that can deter all but the most determined hackers. It's always a trade-off, of course—the amount of time invested in applying security measures should be proportional to the sensitivity of your data. You'll also find that once you master these principles on one project, you can leverage your knowledge on future projects.

You should always keep security in the back of your mind as you develop Microsoft Visual InterDev applications—especially those that go out over the Internet to reach your customers and business partners.



Programming Microsoft Visual InterDev 6.0
ISBN: 1572318147
EAN: 2147483647
Year: 2005
Pages: 143
