Chapter 11. Security


Secrets are funny things. With billions of people on the planet, there is no shortage of really interesting events and stories, but none of them will hold our interest if there is a secret to be discovered somewhere else. For instance, former Associate Director of the FBI, W. Mark Felt, revealed himself to be the famous Deep Throat of Watergate fame, but not before 30 years of speculation and whispering about this secret identity had passed by. Other secrets are just as intriguing, even if we are in on the secret. Superman is fascinating in part due to his secret alter ego, Clark Kent. Many books include the word "Secret" in their titles to make them and their topics more interesting, titles such as Japanese Cooking Secrets.

In this era of information overload and increasingly permissive moral standards on television, secrets seem to be scarce. But everyone has important information that they need to keep protected from others, and that includes the users of your programs. Fortunately, .NET programs and related data can be as secure as you need, if you use the security features available to you in the .NET Framework.

Here's a secret that I'll expose right now: I really don't know that much about computer security issues. Back in the early '80s, I worked for a computer vendor that was coming out with its own UNIX System V implementation. They needed to confirm that it would be sufficiently secure for governmental sales, and I was tasked with building a bibliography of computer security resources, including the famous "Orange Book," a government security standards document whose title has no rhyme.

Although I don't recall many of the security details, I do remember that it would take several city garbage trucks to haul away all of the available materials on computer security. The bibliography I developed was over 40 pages long! And that was just the table of contents. One article that I do recall was quite interesting. It discussed how passwords are generated in UNIX systems, at least back when AT&T was in charge. The interesting part was that the entire algorithm was printed in a publicly available book. Anyone could examine the book and see how the passwords were generated. And if you were familiar with UNIX, you knew that each user's encrypted password was stored in the plain text file /etc/passwd, where anyone could read it. But it wasn't a big deal. Although the method for deriving the password was public knowledge, and although you could see everyone's encrypted password, UNIX was still considered secure enough for use even in the military.




Start-to-Finish Visual Basic 2005. Learn Visual Basic 2005 as You Design and Develop a Complete Application
ISBN: 0321398009
EAN: 2147483647
Year: 2006
Pages: 247
Authors: Tim Patrick
