Summary


Web services are an upcoming technology of strategic importance to most companies—ignoring them will put your company at a strategic disadvantage. Many companies are experimenting with Web services, but haven’t committed to using them for critical applications for one reason—security. This chapter has demonstrated that Web services today are extremely difficult and perhaps impossible to secure. However, companies such as Microsoft are developing strategies to deal with this problem. In short, you should get a balanced view of Web services security from this chapter.

The issue now is applying the warnings and techniques in this chapter to your own company. You need to consider issues such as the amount of information you’re willing to risk to a Web services application. Once you define the data requirements for the application, you need to consider what kind of security to use. Every strategy has significant tradeoffs you need to consider. Unfortunately, the difficulty of creating secure Web service applications that still provide the information exchange functionality that most companies require is going to remain difficult despite the advances Microsoft has made in the current version of the .NET Framework.

Chapter 12 moves on to a new topic, Active Directory, which is the central information store that many companies use today. Active Directory not only contains security information, it also contains specifics about the machines connected to the network and personal information about the people using it. In many cases, developers now use Active Directory to store custom settings, such as those used by applications. In short, securing Active Directory is an essential task that all companies must undertake to ensure core information remains private.




.Net Development Security Solutions
.NET Development Security Solutions
ISBN: 0782142664
EAN: 2147483647
Year: 2003
Pages: 168

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net