|
Note to the Reader: Page numbers in bold indicate the principle discussion of a topic or the definition of a term. Page numbers in italic indicate illustrations.
Access Control Editor, 401, 401–403
access control lists. See DACL; SACL
Access Control Markup Language (XACML), eXtensible, 320–321, 445
ACEs (Access Control Entries)
accessing directly, 408–411
ordering in ACLs, 400, 435
overview of, 390
Active Directory Users and Computers console, 175, 175
AD (Active Directory), 338–362
domain trust relationships
authentication and, 345
calling domain controllers, 346–353, 352
defined, 345
permissions and, 345
potential problems with, 346
finding AD tools, 342, 343
local settings and, 344
managing access to
using declarative security, 353–354
using imperative security, 354–356, 356
overview of, 353
write access, 357–362, 362
monitoring with ADSI Viewer, 339–342, 340–342, 344, 440
monitoring with ASDIEdit, 342–343, 343
overview of, 333, 338–339, 362
pros and cons, 338–339, 343–345
versus registry, 343–345
search tools, 346
security within, 338, 339, 343
System.DirectoryServices namespace
accessing AD, 43–44, 45
examples, 42–50, 45, 50
getting AD user information, 45–49, 50
overview of, 41
path types and, 44, 45
Web site on, 42
unmanaged data and code, 344
verifying rights with SDCheck, 343
Add Web Reference dialog box, 329, 329
addresses. See Web sites
algorithms, See also cryptography techniques
asymmetric algorithms
defined, 185
DSA, 36, 185, 186, 443
overview of, 184
RSA, 36, 184–185, 186, 279
rumor about cracking, 186
classes, in Cryptography namespace, 36
HashAlgorithm class
defined, 184, 199
MD5 algorithm, 199, 200, 449
SHA algorithms, 199–200, 451
KeyedHashAlgorithm class, 200
mapping to cryptographic classes, 180–182, 182
symmetric algorithms
defined, 184
DES, 36, 185–186, 442
Rijndael, 185, 186
TripleDES, 185, 186
AllowPartiallyTrustedCallersAttribute, 31–32, 281
Anonymous impersonation level, 433
AppDomain class
defined, 160
securing managed code
checking FriendlyName values, 162–163, 164
creating components from AppDomain objects, 163–164
creating multiple AppDomain objects, 160–163
problem with, 163–164
testing, 162–163
threads and, 163
securing unmanaged code
accessing external programs, 167–169
calling Win32 API functions, 165–166
overview of, 164–165
application domains, 6, 160, See also AppDomain class
ApplicationDirectory evidence class, 76
applications, distributed. See distributed applications
applications, library, warning, 228
articles. See Web sites
ASDIEdit tool, 342–343, 343
ASN.1 (Abstract Syntax Notation One), 183, 440
assemblies, See also CASPol
checking hash code of, 370–374, 372–373
defining policy assemblies, 91
warning, 124
assistant classes, 36
asymmetric cryptography. See cryptography, asymmetric
asynchronous/synchronous SOAP calls, testing, 329–332
attributes
AllowPartiallyTrustedCallersAttribute, 31–32, 281
COM interface attributes, 214–215, 217
debugger, in SoapHttpClientProtocol class, 306, 307
defined, 440
problem, in checking permissions, 308–309, 309
SynchronizationAttribute class, 29–31, 30
authentication, See also validation; Web server security
AuthenticationManager class, 241–244, 244
choosing usernames, 237
creating breach in, 245
defined, 236, 241, 440
enabling for debugging, 238–241, 239–240
functions, in Win32 API, 395
HTTP-specific classes and, 244–245
levels, in DCOM, 436–437
password guidelines, 237
versus permissions, 345
pre-authentication, 241–244, 244, 246–248
problems, in Web services, 304–305
in remoting, 282
warning, 245
Authentication Methods dialog box, 239, 239
authorization, See also permissions; privileges
defined, 440
of Web servers, 242–244, 244, 246–248
of wireless device files/URLs, 383–384
avoiding human error problems, 52–65, See also security risks; troubleshooting
buffer overruns, 60–61
canonical representation issues, 63–64
by using checklists, 53, 65
by controlling access
code access, 61–62
overview of, 61
role-based access, 62
setting appropriate privileges, 62–63
data entry errors
avoiding free-form text input, 59
avoiding unnecessary characters, 57–59
checking data input ranges, 53–55, 55
checking incoming data length, 55–57
coding for quality, 53
overview of, 52
providing precise help, 59
overview of, 52, 64–65, 70
by taking time for code quality, 52, 53, 61
by using update tools, 15
|