Ensuring Trust in the Managed Environment

Trust is an essential part of any relationship or interaction between client and server. The job of the server is to protect and manage the resources and services that the network administrator has configured. This task runs counter to providing access to those same services and resources. Absolute security means denying all access to anyone requesting it. The definition of a secret is something that you keep to yourself—if anyone else knows the information, it’s no longer truly secret. The trust relationship indicates that the server has some level of confidence that the requestor will maintain the integrity of the secret. The server can’t guarantee the requestor will absolutely maintain the secret, but there’s some level of confidence in this fact.

The reason I keep stressing layers of security and quantities of security is that many developers have gotten the idea from security vendors that they can whisper some kind of magic enchantment that provides absolute security. Absolute security is a fallacy unless you maintain absolute control over the data, which makes the data useless. Sharing is a requirement for information exchange.

Fortunately, the .NET Framework does make it easier to assess the level of risk that you take in making information accessible to a requestor, even one from the same machine. For one thing, the .NET Framework ensures flexible security. If you must grant access to data, resources, or services to a requestor, then ensuring that the requestor actually has the proper rights is important. Chapter 5 covered one application of this principle in the “Adding New Permissions” section. This section demonstrates that you can create a flexible security solution using the .NET Framework—one that Microsoft couldn’t consider when it designed the system. Expecting the unexpected is an essential part of trustworthy security—any good security plan is flexible enough to change with the conditions.