General Recommendations

Security pedants will tell you that there is never enough security; they sigh when they run out of ways to further tighten code. However, not all code requires the same attention to security detail. Here are some guidelines that will help you decide how much security tightening is required. Keep in mind that an adaptive strategy is best. In the rare instance when your best efforts have failed because some digital miscreant has stayed up all night trying to poke holes in your security, adaptability and responsiveness will serve you well. That is, be prepared to identify the security hole and plug it up.

As you begin to design your applications, consider these guidelines.

  • The more connected the system is, the greater the risk. This doesn't mean that there aren't internal risks and that mistakes aren't made. Prepare for disconnected desktop applications that could cause unintentional problems. Good testing will help eliminate some of these, but you may not get them all. A good security policy helps too.

  • If the application is mission critical or the circumstances of failure are dire, hire an outside security expert. (Or consider hiring a full-time security administrator. Just make sure you pick someone who doesn't mind being unpopular.)

  • Provide all employees with a written security policy that addresses things like telecommuting and securing access to data and source code.

  • In general, allow security permission failures to be catastrophic. Let the application fail. This will send a clear signal that some code has attempted to violate the security policy.

  • Use Asserts actions judiciously since they can cause holes in security.

  • Tune security gradually, granting the minimal permissions necessary for the code to run, and keep a record of modifications to the security policy. This will allow you to roll back changes that don't work, as opposed to starting from scratch.

  • Finally, I encourage you to not leave security to chance. Acquire as much knowledge as you can and share information as quickly as you can.

Security management is becoming as complex as the U.S. tax code. Unfortunately there doesn't seem to be a simple solution, and the world seems to produce a continual stream of mischief makers determined to poke holes in all security attempts. However, if you approach security holistically rather than blaming the entire problem on Microsoft, only the most determined and experienced troublemakers will find cracks.

Visual Basic. NET Power Coding
Visual Basic(R) .NET Power Coding
ISBN: 0672324075
EAN: 2147483647
Year: 2005
Pages: 215
Authors: Paul Kimmel © 2008-2017.
If you may any questions please contact us: