.NET Framework Security
.NET Framework Security
ISBN: 067232184X
EAN: 2147483647
EAN: 2147483647
Year: 2000
Pages: 235
Pages: 235
- Table of Content
- Starting Page
- Copyright
- About the Authors
- Acknowledgments
- Introduction
- Demystifying .NET Framework Security
- What Do You Need to Know Prior to Reading This Book?
- What Software Will You Need to Complete the Examples Provided with This Book?
- How This Book Is Organized
- Where to Download the Associated Code for This Book
- Conventions Used in This Book
- Part I: Introduction to the .NET Developer Platform Security
- Chapter 1. Common Security Problems on the Internet
- Problems with Securing Mobile Code
- Writing Secure Applications
- Summary
- Chapter 2. Introduction to the Microsoft .NET Developer Platform
- Tight Language Interoperability
- Metadata
- JIT Compilation
- Garbage Collection
- Object-Oriented Programming
- Code Access Security
- Base Class Library
- Native Code Interoperability
- Summary
- Chapter 3. .NET Developer Platform Security Solutions
- Fundamental Security Benefits from the .NET Framework
- Mobile Code Solutions with the .NET Framework
- Networked Computing with the .NET Framework
- Summary
- Part II: Code Access Security Fundamentals
- Chapter 4. User- and Code-IdentityBased Security: Two Complementary Security Paradigms
- A Little Anatomy of Computer Security Systems
- A Review of User-IdentityBased Security
- Entering a New Paradigm: Code-IdentityBased Security
- How User- and Code-IdentityBased Security Systems Complement Each Other
- Summary
- Chapter 5. Evidence: Knowing Where Code Comes From
- Evidence Explained
- Different Sources of Evidence
- Evidence and the Base Class Library
- Summary
- Chapter 6. Permissions: The Workhorse of Code Access Security
- Permissions Explained
- How Permissions Are Used
- Declarative and Imperative Security
- Built-in Permissions
- Permission Sets
- Summary
- Chapter 7. Walking the Stack
- A Review of Stacks and Their Uses
- The Security Stack Walk
- Modifying a Stack Walk
- The Interaction of App Domains with Stack Walks
- Summary
- Chapter 8. Membership Conditions, Code Groups, and Policy Levels: The Brick and Mortar of Security Policy
- Membership Conditions
- Code Groups
- Policy Levels
- Default Security Policy
- Summary
- Chapter 9. Understanding the Concepts of Strong Naming Assemblies
- Assemblies and Identity
- PublicPrivate Key Pairs
- Signing and Verifying Assemblies
- Delay Signing Assemblies
- Comparison with Authenticode Signatures
- Summary
- Chapter 10. Hosting Managed Code
- What Does Hosting Mean?
- Containing Assemblies Through the Use of Appdomains
- Controlling Trust Within the Hosted Environment
- Dealing with Assembly-Sharing Issues
- Using Appdomains to Secure Unmanaged Clients
- Summary
- Chapter 11. Verification and Validation: The Backbone of .NET Framework Security
- Review of the Anatomy of an Assembly
- PE File Format and Metadata Validation
- IL Validation and Verification
- Code Access Security s Dependence on Validation and Verification
- Summary
- Chapter 12. Security Through the Lifetime of a Managed Process: Fitting It All Together
- Development-Time Security Considerations
- Deployment-Time Security Issues
- Execution-Time Security Issues
- Summary
- Part III: ASP.NET and Web Services Security Fundamentals
- Chapter 13. Introduction to ASP.NET Security
- New Security Features in ASP.NETAnd How to Use Them
- Authentication for Web Services
- Code Access Security and ASP.NET
- Summary
- Chapter 14. Authentication: Know Who Is Accessing Your Site
- ASP.NET Authentication and IIS Authentication
- Default IIS Settings
- Using CLR Role-Based Security in Windows
- Using ASP.NET Forms Authentication
- Using Impersonation and Delegation in ASP.NET
- Summary
- Chapter 15. Authorization: Control Who Is Accessing Your Site
- File and Directory Access Control Lists (ACLs)
- Using URL Authorization to Allow or Limit Access
- Using Programmatic Authorization to Determine Who Is Attempting to Access Your Site
- Summary
- Chapter 16. Data Transport Integrity: Keeping Data Uncorrupted
- Implementing SSL Encryption and HTTPS
- Encryption of Individual Data ElementsAn Overview
- Remoting and Encryption via SinksAn Overview
- Summary
- Part IV: .NET Framework Security Administration
- Chapter 17. Introduction: .NET Framework Security and Operating System Security
- A Roadmap for Administering the Security Context of Managed Code
- .NET Framework Security and Operating System Security Settings
- Summary
- Chapter 18. Administering Security Policy Using the .NET Framework Configuration Tool
- Before Making Any Security Policy Change: Administration Strategies
- Introduction to the .NET Framework Configuration Tool
- Increasing Trust for an Assembly or Software Publisher Using the Trust Assembly Wizard
- Changing Trust for a Zone Using the Adjust Security Wizard
- Manipulating the Security Policy Tree DirectlyBasic Techniques
- Testing Security Policy Using the Evaluate Assembly Wizard
- Modeling Policy Changes Using Open and New
- Deploying Security Policy
- Resetting Security Policy
- The .NET Framework Configuration Tool s Self Protection Mechanism
- Administrative Tactics: Scenarios, Solutions, Hints, and Tricks
- Summary
- Chapter 19. Administering .NET Framework Security Policy Using Scripts and Security APIs
- Using Batch Scripts for Security Policy Administration
- Changing Security Policy by Programming Directly to the Security APIs
- Summary
- Chapter 20. Administering an IIS Machine Using ASP.NET
- XML-Based Configuration Files
- Hierarchy of .NET Configuration Files
- Attributes and Settings
- IIS Security SettingsA Refresher
- Summary
- Chapter 21. Administering Clients for .NET Framework Mobile Code
- Default Security Policy and Mobile Code
- Limitations on Calling Strong Named Components
- Running Mobile Code in Internet Explorer
- Summary
- Chapter 22. Administering Isolated Storage and Cryptography Settings in the .NET Framework
- Administering Isolated Storage
- Administering Cryptography Settings
- Summary
- Part V: .NET Framework Security for Developers
- Chapter 23. Creating Secure Code: What All .NET Framework Developers Need to Know
- Security and the Developer
- Structure of the .NET Framework Security System
- Limitations of the .NET Framework Security System
- Summary
- Chapter 24. Architecting a Secure Assembly
- Thinking Like a Security Expert: How to Improve the Security of Your Designs from Day One
- If All Else Fails
- Don t Throw It All Away
- Summary
- Chapter 25. Implementing a Secure Assembly
- Using Existing Security Mechanisms
- Implementing Your Own Permissions
- Working with Strong Names
- Summary
- Chapter 26. Testing a Secured Assembly
- Determining What Is Being Protected
- Determining How Resource Protection Is Implemented
- Testing Any Applied Custom Permissions
- Testing the Methods and Properties That Should Be Protected
- Summary
- Chapter 27. Writing a Secure Web Site Using ASP.NET
- Designing a Secure Web Site
- Implementing a Secure Web Site
- Summary
- Chapter 28. Writing a Secure Web Application in the .NET Development Platform
- ASP.NET with Remoting Versus Web Services
- Authentication and Authorization Without IIS
- Summary
- Chapter 29. Writing a Semi-Trusted Application
- Restrictions on Libraries That Can Be Called
- Making Permission Requests
- Protecting Data
- Being Careful About What Code Gets Executed
- Being Aware of Permissions at Runtime
- Summary
- Chapter 30. Using Cryptography with the .NET Framework: The Basics
- Setting the Stage: Key Definitions and Scenarios in Cryptography
- The Cryptographic Object Model of the .NET Framework
- Operating on Streams: CryptoStreams and ICryptoTransforms
- Using Symmetric Algorithms
- Using Cryptographic Hash Functions
- Using Keyed Hash Functions
- Random Number Generation and Key Derivation
- Using Asymmetric Algorithms
- Summary
- Chapter 31. Using Cryptography with the .NET Framework: Advanced Topics
- Working with CryptoAPI 1.0
- Working with CryptoAPI 2.0
- Finalization Versus Explicit Destruction via IDisposable
- Extending the .NET Framework s Cryptography Classes and the Cryptographic Configuration System
- Summary
- Chapter 32. Using Cryptography with the .NET Framework: Creating and Verifying XML Digital Signatures
- XMLDSIG Design Principles and Modes of Use
- The Structure of an XMLDSIG Signature
- Creating XMLDSIG-Compliant Signatures Using the .NET Framework
- Verifying an XMLDSIG Signature
- Extending System.Security.Cryptography.Xml for Custom Processing
- Summary
- Index
- A_Index
- B_Index
- C_Index
- D_Index
- E_Index
- F_Index
- G_Index
- H_Index
- I_Index
- J_Index
- K_Index
- L_Index
- M_Index
- N_Index
- O_Index
- P_Index
- Q_Index
- R_Index
- S_Index
- T_Index
- U_Index
- V_Index
- W_Index
- X_Index
.NET Framework Security
ISBN: 067232184X
EAN: 2147483647
EAN: 2147483647
Year: 2000
Pages: 235
Pages: 235