|
Key concepts in this chapter are:
Using various techniques to deploy applications and components
Signing applications with Authenticode and strong-name signatures
Granting applications more permissions by modifying security policy
Deploying .NET code-access security updates
Protecting your code through obfuscation
In this chapter, you’ll learn about techniques you can use to secure your Microsoft Visual Basic .NET applications and components for deployment. This includes techniques for securing your setup deployment package and the Visual Basic .NET application (and components) contained within the setup package. If you are distributing your software over a nonsecure deployment medium such as the Internet, you should take one or more of the following measures to secure your application for deployment:
Certify yourself as the publisher of the software There should be no doubt the software was published by you and not an imposter. Later you will learn about Authenticode signing as a way of certifying yourself as the publisher of the software.
Protect your software from being modified The integrity of your software should not be compromised in any way. You can use strong-name signing (described later) as a means of guaranteeing the integrity of your software.
Restrain your software from performing destructive actions Your software should not be allowed to perform any destructive actions even if the software attempts to do so. In the next section, you’ll learn which deployment techniques provide the most restraint over your code by means of the .NET code-access security system.
The deployment techniques described in the next section should help you decide which of the above measures you need to take. Let’s take a look at those techniques.
|