Programming NET Security - Adam Freeman

Programming NET Security

(Autor)

Buch | Softcover
704 Seiten
2003
O'Reilly Media (Verlag)
978-0-596-00442-2 (ISBN)
44,85 inkl. MwSt
This is a comprehensive tutorial and reference that contains numerous practical examples using C# and VB.NET.
With the spread of Web-enabled desktop clients and web-server based applications, developers can no longer afford to treat security as an afterthought. It's one topic, in fact, that .NET forces you to address, since Microsoft has placed security-related features at the core of the .NET Framework. Yet, because a developer's carelessness or lack ofexperience can still allow a program to be used in an unintended way, Programming .NET Security shows you how the various tools will help you write secure applications. The book works as both a comprehensive tutorial and reference to security issues for .NET application development, and contains numerous practical examples in both the C# and VB.NET languages. With Programming .NET Security, you will learn to apply sound security principles to your application designs, and to understand the concepts of identity, authentication and authorization and how they apply to .NET security. This guide also teaches you to: use the .NET run-time security features and .N
ET security namespaces and types to implement best-practices in your applications, including evidence, permissions, code identity and security policy, and role based and Code Access Security (CAS); use the .NET cryptographic APIs , from hashing and common encryption algorithms to digital signatures and cryptographic keys, to protect your data; and use COM+ component services in a secure manner. If you program with ASP.NET will also learn how to apply security to your applications. And the book also shows you how to use the Windows Event Log Service to audit Windows security violations that may be a threat to your solution.

Adam Freeman is a professional programmer and the author of two early Java books, Programming the Internet with Java and Active Java, both published by Addison Wesley, as well as Java course materials. His recent experience architecting a green-field e-commerce platform has given him an in-depth understanding of the current security challenges facing those developing large scale distributed systems. Adam has previously worked for Netscape, Sun Microsystems and the NASDAQ stock exchange.Allen Jones has been developing Windows solutions since 1990 and working with Windows NT and Win32 since 1993. He was one of the first MCSEs to qualify anywhere in the world. For the last 3 years, Allen has been developing e-commerce and security systems for large corporations and financial institutions. He is a former employee of Microsoft in both Australia and the UK and co-author, with Adam Freeman, of C SHARP for Java Developers and .NET XML Web Services Step by Step , both from Microsoft Press.

Preface Part I. Fundamentals 1. Security Fundamentals The Need for Security Roles in Security Understanding Software Security End-to-End Security 2. Assemblies Assemblies Explained Creating Assemblies Shared Assemblies Strong Names Publisher Certificates Decompiling Explained 3. Application Domains Application Domains Explained 4. The Lifetime of a Secure Application Designing a Secure .NET Application Developing a Secure .NET Application Security Testing a .NET Application Deploying a .NET Application Executing a .NET Application Monitoring a .NET Application Part II. .NET Security 5. Introduction to Runtime Security Runtime Security Explained Introducing Role-Based Security Introducing Code-Access Security Introducing Isolated Storage 6. Evidence and Code Identity Evidence Explained Programming Evidence Extending the .NET Framework 7. Permissions Permissions Explained Programming Code-Access Security Extending the .NET Framework 8. Security Policy Security Policy Explained Programming Security Policy Extending the .NET Framework 9. Administering Code-Access Security Default Security Policy Inspecting Declarative Security Statements Using the .NET Framework Configuration Tool Using the Code-Access Security Policy Tool 10. Role-Based Security Role-Based Security Explained Programming Role-Based Security 11. Isolated Storage Isolated Storage Explained Programming Isolated Storage Administering Isolated Storage Part III. .NET Cryptography 12. Introduction to Cryptography Cryptography Explained Cryptography Is Key Management Cryptographic Attacks 13. Hashing Algorithms Hashing Algorithms Explained Programming Hashing Algorithms Keyed Hashing Algorithms Explained Programming Keyed Hashing Algorithms Extending the .NET Framework 14. Symmetric Encryption Encryption Revisited Symmetric Encryption Explained Programming Symmetrical Encryption Extending the .NET Framework 15. Asymmetric Encryption Asymmetric Encryption Explained Programming Asymmetrical Encryption Extending the .NET Framework 16. Digital Signatures Digital Signatures Explained Programming Digital Signatures Programming XML Signatures Extending the .NET Framework 17. Cryptographic Keys Cryptographic Keys Explained Programming Cryptographic Keys Extending the .NET Framework Part IV. .NET Application Frameworks 18. ASP.NET Application Security ASP.NET Security Explained Configuring the ASP.NET Worker Process Identity Authentication Authorization Impersonation ASP.NET and Code-Access Security 19. COM+ Security COM+ Security Explained Programming COM+ Security Administering COM+ Security 20. The Event Log Service The Event Log Service Explained Programming the Event Log Service Part V. API Quick Reference 21. How to Use This Quick Reference Finding a Quick-Reference Entry Reading a Quick-Reference Entry 22. Converting from C SHARP to VB Syntax General Considerations Classes Structures Interfaces Class, Structure, and Interface Members Delegates Enumerations 23. The System.Security Namespace 24. The System.Security.Cryptography Namespace 25. The System.Security.Cryptography.X509Certificates Namespace 26. The System.Security.Cryptography.Xml Namespace 27. The System.Security.Permissions Namespace 28. The System.Security.Policy Namespace 29. The System.Security.Principal Namespace Index

Erscheint lt. Verlag 5.8.2003
Reihe/Serie Oreilly
Verlagsort Sebastopol
Sprache englisch
Einbandart kartoniert
Themenwelt Informatik Betriebssysteme / Server Windows
Informatik Programmiersprachen / -werkzeuge NET Programmierung
Informatik Theorie / Studium Kryptologie
ISBN-10 0-596-00442-7 / 0596004427
ISBN-13 978-0-596-00442-2 / 9780596004422
Zustand Neuware
Haben Sie eine Frage zum Produkt?
Mehr entdecken
aus dem Bereich
Daten abfragen und verarbeiten mit Excel und Power BI

von Ignaz A. Schels

Buch (2023)
Hanser (Verlag)
49,99
Insider-Wissen – praxisnah & kompetent

von Ed Bott

Buch | Hardcover (2023)
dpunkt (Verlag)
44,90