
Chapter 6: Security in ASP.NET

Overview

In this chapter, you will learn how to:

In days gone by, there were primarily two types of applications: single-user applications in which presentation, business logic, and any necessary data handling all occurred on the client machine of the user; and client/server applications, which removed much or all of the data handling to a separate database server. Back then, security was largely a matter of making sure that in a client/server situation, users made modifications only to data that they were authorized to change. The typical application developer seldom had to face issues such as denial-of-service attacks, port sniffing, and so on.

The Internet has changed all that forever. Applications that are exposed to the Internet are inherently vulnerable to a host of issues, ranging from attempts at stealing data to the defacing of Web sites to denial-of-service attacks. No matter what operating system or other software you run, that vulnerability will never go away entirely. Software is an imperfect science, and unfortunately, an operating system invulnerable to attack has yet to be created.

The good news is that most software, including Microsoft Windows 2000, Microsoft Windows XP, IIS, and Microsoft Windows Server 2003, can be made quite secure if you follow best practices (a recognized set of recommended procedures and policies) for security, such as keeping track of and installing security patches as soon as they are released. One of the remarkable things about security practices in our industry is just how many servers (both Microsoft-based and otherwise) are sitting out there exposed to the Internet, without patches installed that have been available for months, or even years!

