Developing a Secure Server Application Installation


Many developers fail to realize that their development server is a server. If the server has any contact at all with other machines, it can become a source of possible contamination. A recent DevX article (http://www.devx.com/SummitDays/Article/6699) points out the substantial problems of having any server with security problems attached to the network. Microsoft Best Practices (http://www.microsoft.com/technet/security/bestprac/mcswebbp.asp) also underscore the issues of development and other rogue servers that aren’t secure. For this reason, your development server must have all of the required security updates and patches installed (see the “Poorly Patched Systems” section of Chapter 1 and the “Dealing with Patches” section of Chapter 2 for details). Any other course of action almost ensures that you’ll have security problems.

You should be concerned about patching your development server for other reasons. When you test an application that other people in the company will use, you need to test it in the same environment that they’ll use. Otherwise, your testing won’t reflect the user environment. Flawed environment testing can lead to all kinds of interesting and difficult to find problems. For example, you might write the program to work around a known problem with the server. If Microsoft issues a patch that fixes that problem and the network administrator installed the patch on the production machines, your program might not work as anticipated. The patch fixes the problem that you anticipated and corrected in your program. Because Microsoft support assumes that you have all patches installed, you won’t find much help from them either.




.Net Development Security Solutions
.NET Development Security Solutions
ISBN: 0782142664
EAN: 2147483647
Year: 2003
Pages: 168

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net