|< Day Day Up >|
Topics in This Chapter
In the earliest days of programming, computers were used primarily to perform calculations and tedious tabulations. The measure of a program's correctness was whether it produced accurate results for a given set of input values. Modern software development now relies more on component-based solutions. The components often come from multiple sources, and it's not always possible to know the origin or trustworthiness of the components. As a result, code security and the ease of deploying and updating an application are now important metrics against which an application's success is judged.
This chapter looks at the issues and steps involved in producing a deliverable .NET software product. It breaks the process down into the three categories shown in Figure 15-1: code refinement, which looks at how code is tested against best practice rules; code security, which ensures that code is accessed only by other code that has permission to do so; and code deployment, which looks at how an application or component is packaged and made available for deployment.
Figure 15-1. Deliverable software should meet coding standards, be secure, and be easily deployed
The first section shows how to use FxCop as a tool to analyze an assembly and generate code change recommendations based on a predefined set of coding standards. The second section looks at the details of how to create a strongly named assembly and the security benefits that accrue from doing so.
The next section which forms the heart of the chapter explores the topic of Code Access Security (CAS). It explains how an administrator uses .NET tools to define a multi-level security policy for a computing environment and how security features are embedded in code. It also stresses understanding the interrelated security roles of evidence, policy, and permissions.
The chapter concludes with a look at the issues to be considered in deploying an application to users or customers. The advantages and disadvantages of using XCOPY or an installer to physically distribute an application are discussed.
|< Day Day Up >|