With the advent of distributed applications, it's becoming important to implement effective security to counteract the increased exposure and complexity of the software. Greater opportunities to manipulate data on local computers or across the network mean that application developers need to have a basic awareness of protocols and applications that use security today to help them design and create applications for tomorrow.
We begin this chapter by looking at different security-related protocols. We then look at the basic security concepts of authentication, which involves identifying users precisely and reliably when they log on to the system and when they access any resource within it, and encryption, which protects information as it is stored and passed from one place to another so that it can't be read by anyone who intercepts it. We also discuss access control, which determines what users are allowed to accomplish, and auditing, which records what goes on inside the operating system as users request and work with the resources it makes available to them. Finally, we take a look at log files, event logs, and distributed environments.
The principles and guidelines we provide in this chapter are based on our own experience with the creation of application architectures and the implementation of modern applications, together with the following sources:
Upon completion, you will be able to: