Summary

This chapter has demonstrated many of the techniques you need to ensure the security of your network and servers. It’s essential to remember that good security begins with the same basics that you use on the desktop, such as code and user verification and validation, but that network environments need even stricter management. Once you consider these requirements, you can move on to other issues such as network data transmission and the use of special features such as COM+.

The problem in trying to create a definitive network solution is that one doesn’t exist. You need all of the parts of a good security strategy in place to develop applications that are reasonably secure. It’s important to remember that a single check usually isn’t enough and even constant vigilance may prove inadequate in some situations. Checking a client’s identification at one end of the wire usually isn’t enough—you must check the other end as well and then you have to be suspicious of the findings you do verify. If I sound suspicious of everything, it’s because that’s the only way to create secure solutions on a network.

Chapter 9 moves from desktop and LAN development to development on the Internet. It begins by looking at the requirements for a Web server. As with your LAN server, a Web server requires careful setup and the same good coding strategies discussed for the LAN server. However, the Internet opens a wide range of other possible problems. For example, you must now deal with unknown entities accessing your server. Viruses that exploit problems in code beyond your control are also an issue. Chapter 9 helps you write programs that deal with situations that are beyond your control. While you can’t prevent some things from happening, you can at least protect your own code.