Chapter 8. The Cryptography Application Block


NOT LONG AGO, few applications were coded with security in mind, let alone coded so that security was a central design concept. In the mid-1990s, for instance, few developers outside of niche areas such as finance or defense even addressed security in any substantive way. However, each time a new virus made the headlines or a security breach happened, security moved into the public awareness. Today, it is irresponsible for developers and architects to ignore security. Cryptography is one tool that developers have at their disposal to secure their applications. Cryptography is primarily used to ensure that data:

  • Remains private (data privacy)

  • Is protected from modification (data integrity)

  • Originates from the party from which it is supposed to originate (authentication)

Data privacy is used to hide an application's secret information; in other words, "to keep secrets secret." Data privacy is often achieved by encrypting data. For example, if you log into Gmail or search for an item on Amazon.com, you'll often see a string of unfamiliar characters in the query string. These characters are usually information that is specific to your account, but it's encrypted so that it's unintelligible to the human eye.

Encryption's main purpose is to ensure that if unauthorized people see your information, they won't be able to understand it (or even know what it is).

Data integrity is typically implemented by means of computing mathematical "hash" values, which, in turn, allow you to verify that the information you are viewing has not been tampered with. If the values are intact, then the hash will compute correctly; otherwise, the hash will not match. This notion is commonly referred to as nonrepudiation and is critical to e-commerce, for instance.
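The hash check described above, as an added example that is not code from the book or from the Cryptography Application Block; it calls `System.Security.Cryptography` directly. It goes one step beyond the text by comparing a plain hash with a keyed hash (HMAC) to show when a stored hash value can still be trusted. The class name, helper names, and sample record are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class IntegrityDemo   // hypothetical name, not part of Enterprise Library
{
    // Unkeyed hash: anyone who can rewrite the data can also recompute this value.
    static byte[] Digest(byte[] data)
    {
        using (var sha = SHA256.Create()) return sha.ComputeHash(data);
    }

    // Keyed hash (HMAC): producing a valid value requires the secret key.
    static byte[] Mac(byte[] key, byte[] data)
    {
        using (var hmac = new HMACSHA256(key)) return hmac.ComputeHash(data);
    }

    // Compares every byte instead of stopping at the first difference.
    static bool SameBytes(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    static void Main()
    {
        byte[] key = new byte[32];   // secret known only to the writer and the verifier
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(key);

        // Constructed sample record, not data from the book.
        byte[] original = Encoding.UTF8.GetBytes("order=1001;amount=25.00");
        byte[] altered = Encoding.UTF8.GetBytes("order=1001;amount=2500.00");
        byte[] storedDigest = Digest(original);
        byte[] storedMac = Mac(key, original);

        // Case 1: only the data changed. Both stored values stop matching.
        Console.WriteLine("digest matches altered data: " + SameBytes(Digest(altered), storedDigest));
        Console.WriteLine("MAC matches altered data:    " + SameBytes(Mac(key, altered), storedMac));

        // Case 2: the data and its stored check value were replaced together,
        // by a party that does not hold the key.
        byte[] replacedDigest = Digest(altered);          // needs no secret
        byte[] replacedMac = Mac(new byte[32], altered);  // computed with a wrong key
        Console.WriteLine("replaced digest verifies: " + SameBytes(Digest(altered), replacedDigest));
        Console.WriteLine("replaced MAC verifies:    " + SameBytes(Mac(key, altered), replacedMac));
    }
}
```

In the second case the plain hash verifies while the HMAC does not, so a plain hash only protects integrity when the hash value itself is stored or transmitted where the data's modifier cannot reach it.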

The final facet of security is known as authentication, namely, proving that entities are who they say they are. For example, if Person A calls Person B on the phone, Person B typically relies on auditory familiarity to confirm that Person A is who he says he is. But if someone from your bank called and asked you for some sensitive information, you'd typically be suspicious. One way you'd address this is to call the bank back. This provides a level of authentication. Digital certificates are used in a similar way to prove that the entities on the other end are who they say they are.

This chapter describes how the Cryptography Application Block has been designed to make it easier for developers to mitigate data privacy and data integrity threats in their applications. Throughout the chapter I compare the design and code that exists in the Cryptography Application Block to the methods and samples in Chapters 8 and 9 of Writing Secure Code, Second Edition, by Michael Howard and David C. LeBlanc (Microsoft Press, 2003). I discuss how the code in this block leverages the best practices outlined in that book and how this results in an extremely simple interface for using this application block.




Fenster Effective Use of Microsoft Enterprise Library(c) Building Blocks for Creating Enterprise Applications and Services 2006
Effective Use of Microsoft Enterprise Library: Building Blocks for Creating Enterprise Applications and Services
ISBN: 0321334213
EAN: 2147483647
Year: 2004
Pages: 103
Authors: Len Fenster
