Introduction


Carpe Diem—seize the day! Every network administrator, every developer, every user, anyone who even considers touching that bit of technology known as the computer should have this statement implanted in their consciousness. If everyone seized the day to think about security, this book wouldn’t be necessary. Security is all too easy to put off until tomorrow, but you have to think about it today—now! The cracker residing on the other end of the line certainly won’t wait for you to get around to adding the security you need to your application—crackers count on you putting security off until tomorrow.

Finding the Middle Ground

Now that your adrenaline is pumping, let me bring you back to earth. Thinking about security and implementing security are two different tasks. It’s easy to think about security: all you need is a clear day, a warm breeze, and a nice shade tree to enjoy. On the other hand, many developers quickly throw in the towel when they need to implement security because they don’t really understand how security should work. Many developers approach the topic in a very draconian way and deprive every user of every right for every reason. Usually, this approach fails. Other developers give every right to everyone for any reason whatsoever. This approach also fails.

Finding the middle ground for security so that you can implement it is tough. The security experts certainly can’t make up their minds. During my research for this book, I read several hundred security-specific articles written by accomplished security professionals who are experts in their fields. I have no doubt that what I read was the most correct information the person could provide. Unfortunately, the information provided often contradicted the findings of other security professionals.

My goal in writing this book is to help developers find the practical side of security—the middle ground you need to write a good application. Within these pages, you’ll find a wealth of code, ideas, and resources you can use to make your security decisions based on fact. I also tell you when a decision is likely to cause problems no matter what answer you use because there simply isn’t a good answer. For example, what do you do about the user who insists on writing their password down? You can use a number of techniques to encourage the user to keep their password secret, but short of depriving them of every possible form of communication, there isn’t a good answer for keeping the password secret if the user won’t cooperate.

Understanding the Human Side of Security

This book isn’t just about coding techniques. Although I do demonstrate many useful techniques (some chapters have seven complete examples), I also help you understand what these techniques mean in human terms. After all, you have to deal with people when it comes to security. The presentation, implementation, and use of security in an application must coincide with the expectations of the user or you won’t get their cooperation. The harder you work to force such cooperation, the more often you’ll fail to get it. However, you can use coding techniques to point the user in the right direction and make security seem more like a helping hand than a hindrance. This book shows you how to accomplish what seems impossible.

No one knows all the answers. I’m also honest enough to tell you when I don’t have a solution to your human problem. In many cases, I’ll even tell you what you need to do to resolve the problem on your own or who to contact to get help. The important thing is that I at least give you something to think about—an idea to use or a concept to consider. Even if I can’t provide a complete solution, you’ll get enough information to make a good choice based on your particular needs.

Overcoming Smoke and Mirrors

A few security experts and some of the people in the media engage in smoke and mirrors security. They would have you believe that every virus is going to gobble up every byte of data on your system and that the outlook is hopeless. According to these sources, the second you attach anything to the Internet your data is going to become hopelessly corrupted. Sometimes it feels like one of those bad dreams where you appear in public unsuitably dressed and everyone laughs at you. However, security isn’t hopeless and you’re far from helpless. There are solutions to most security problems.

This book helps you find solutions—not just quick solutions, but solutions that actually work because they’re based on facts. One of the most important things I wanted to accomplish when I wrote this book is to help developers overcome security issues by using good programming techniques. You don’t need to rely on smoke or mirrors when you write an application. What you really need is a list of solutions from which to choose and this book provides more than a few of them.

Knowing It Really Is Broken

You can’t develop amazing solutions using broken tools. The problem with security is that someone is always looking for a way to break the lock. Unfortunately, vendors won’t tell you that their solution is broken, so many developers literally don’t know that their network is an open playground for crackers because they don’t have a secure solution. The tool is broken, but no one’s willing to admit to the fact. This book tells you about the solutions that are broken as of the time of writing. It also helps you learn where to look for information on tools that get broken in the future. Knowing that a tool is broken is an important step in avoiding a security hole.

The Bottom Line

I’d love to tell you that this book is going to make you a security expert and that somehow you’ll become clairvoyant enough to spot every potential cracker exploit weeks before it happens. If you find such a solution, please let me know about it because I’d like to become clairvoyant too. Everyone’s applications, data, and network are subject to attack—it’s what you do with this knowledge that makes the difference between an adequate programmer and a great programmer. What this book does provide is good solid coding techniques that you can use to create great applications. Yes, someone will figure out a way to break into your code, but you’ll have a good chance of knowing the second that they do. In many cases, the techniques in this book will also alert you to data damage, silly user tricks, and a wealth of other problems. In short, you won’t become an expert—you’ll become proficient. Instead of simply thinking about security, you’ll be able to implement it.

.NET Development Security Solutions
ISBN: 0782142664
Year: 2003
Pages: 168