parsing data, 64
partially trusted code, 281
Passport, See also Web services security
defined, 321
versus Liberty Alliance Project, 322
logging in to, 323–325
.NET requirements, 321
PUIDs, 450
in System.Web.Security namespace, 41, 323
warning, 323
passwords
cryptography and, 172–173
guidelines for choosing, 237
for SQL Servers, 274–277, 276
patches
for database security, 266
defined, 450
for LAN servers, 220
locating information on, 25–26
PDAs (Personal Digital Assistants), 450, See also wireless device security
performance counters, detecting DDOS attacks, 254–258, 257
Permission View Tool, 83–87, 86–87
permissions, See also authorization; code access security; privileges
adding, 81, 128, 307
attributes problem in checking, 308–309, 309
versus authentication, 345
building evidence to obtain, 79–80, 80
checking using imperative security, 309–310, 310
creating permission sets, 90–91, 91
custom permissions
creating, 128–137, 135
creating code groups based on, 142–143
installing in policies, 140–142, 141–142
overview of, 139–140
testing, 137–139, 143–144, 144
declarative implementation, 136–137
imperative implementation, 128–135, 135
listing with CASPol tool, 109–110, 110
listing via policies, 78–79
modifying, 81
SQL Server problem with, 273
standard, in .NET, 80
System.Security.Permissions namespace, 39
Petroutsos, Evangelos, 265
PInvoke, 19–20, 352, 352
PKI. See X.509 certificates
PocketSoap utility, 381–382
pointers in Win32 API, 394–395
policies, See also CASPol; code access security; role-based security
creating policy deployment packages, 159–160
custom permissions and
creating code groups based on, 142–143
installing in policies, 140–142, 141–142
overview of, 139–140
testing, 143–144, 144
defined, 12
defining policy assemblies, 91
editing, 89
listing permissions via, 78–79
overview of, 12–13, 108, 139–140, 145
resetting defaults, 140
System.Security.Policy namespace, 39–40
templates, 404
in wireless security, 380–381
ports, 288, 307
Price, Jason, 265
principal objects, 81–83, 82
private keys, See also cryptography, symmetric
privileges, See also permissions
granting appropriately, 62–63
information, obtaining in DACL, 414–417, 417
problems. See avoiding; cracker exploits; errors; security risks; troubleshooting
programs, external, accessing, 167–169
proxy, 450
proxy/stub setup of Web services, 303
Public Key Infrastructure. See X.509 certificates
public/private keys, See also cryptography, asymmetric
Publisher evidence class, 76, 99
PUIDs (Passport Unique Identifiers), 450