Chapter 6: Validation and Verification Issues

Previous page
Table of content
Next page


Overview

  • Creating Trust Relationships in the Managed Environment

  • Defining Features to Validate Your Code

  • Defining and Overcoming .NET Verification Issues

  • Using the AppDomain for Managed Code Security

  • Developing the AppDomain to Secure Unmanaged Code

Validation and verification are two essential security issues that many developers confuse and some developers feel are the same issue worded in a different way. However, validation and verification are separate issues and you must manage both if you want to create a reasonably secure application:

  • Validation is the process of checking credentials to ensure they’re correct in every way.

  • Verification is the process of ensuring that any requestor with validated (authenticated) credentials actually has permission to access a resource or system service.

The overall purpose of this chapter is to discuss the concept of earned trust (at the code, user, and machine levels). At some point, you need to trust the code running on the machine or the client accessing resources in order to accomplish anything. You don’t necessarily trust the code or the client completely, but they do require some level of trust. The concept of earned trust isn’t new. Any secure system has to have this concept to work. However, the .NET method of managing earned trust is new. Consequently, this chapter helps you understand how the .NET Framework manages earned trust.

The .NET Framework does have some special problems to overcome. The greatest problem is unmanaged code. Unlike the managed code an application uses, unmanaged code lacks the level of security discussed in previous chapters. You still have to provide some kind of trust mechanism for unmanaged code or do without the functionality it provides. At this point, you can’t run many complex applications without unmanaged code, so let’s say this need is a given. In short, this chapter not only discusses earned trust, but also the problems with earned trust in the .NET environment.

Don’t assume that unmanaged code is the only validation or verification problem you have to overcome. This chapter also demonstrates how to perform techniques such as validating the Intermediate Language (IL) code for an application. This check is important when security is the highest priority. A cracker can make subtle code changes that turn your application from a benign manipulator of data to a shark chewing up the data it’s supposed to protect. As part of this validation and verification process, the chapter also helps you to understand how the .NET Framework deals with verification issues and what you can do improve this process within your code.


Previous page
Table of content
Next page
.Net Development Security Solutions
.NET Development Security Solutions
ISBN: 0782142664
EAN: 2147483647
Year: 2003
Pages: 168
Authors: John Paul Mueller
BUY ON AMAZON
Beginners Guide to DarkBASIC Game Programming (Premier Press Game Development)
Interprocess Communications in Linux: The Nooks and Crannies
Managing Enterprise Systems with the Windows Script Host
C++ How to Program (5th Edition)
PostgreSQL(c) The comprehensive guide to building, programming, and administering PostgreSQL databases
Web Systems Design and Online Consumer Behavior
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy