- Taschenbuch: 714 Seiten
- Verlag: O'Reilly & Associates; Auflage: 1 (8. Juli 2003)
- Sprache: Englisch
- ISBN-10: 0596004427
- ISBN-13: 978-0596004422
- Größe und/oder Gewicht: 17,8 x 3,6 x 23,3 cm
- Durchschnittliche Kundenbewertung: Schreiben Sie die erste Bewertung
- Amazon Bestseller-Rang: Nr. 389.016 in Fremdsprachige Bücher (Siehe Top 100 in Fremdsprachige Bücher)
- Komplettes Inhaltsverzeichnis ansehen
Programming .NET Security (Englisch) Taschenbuch – 8. Juli 2003
|Neu ab||Gebraucht ab|
Kunden, die diesen Artikel gekauft haben, kauften auch
Es wird kein Kindle Gerät benötigt. Laden Sie eine der kostenlosen Kindle Apps herunter und beginnen Sie, Kindle-Bücher auf Ihrem Smartphone, Tablet und Computer zu lesen.
Geben Sie Ihre Mobiltelefonnummer ein, um die kostenfreie App zu beziehen.
Wenn Sie dieses Produkt verkaufen, möchten Sie über Seller Support Updates vorschlagen?
With the spread of Web-enabled desktop clients and web-server based applications, developers can no longer afford to treat security as an afterthought. It's one topic, in fact, that .NET forces you to address, since Microsoft has placed security-related features at the core of the .NET Framework. Yet, because a developer's carelessness or lack ofexperience can still allow a program to be used in an unintended way, Programming .NET Security shows you how the various tools will help you write secure applications. The book works as both a comprehensive tutorial and reference to security issues for .NET application development, and contains numerous practical examples in both the C# and VB.NET languages. With Programming .NET Security, you will learn to apply sound security principles to your application designs, and to understand the concepts of identity, authentication and authorization and how they apply to .NET security. This guide also teaches you to: use the .NET run-time security features and .NET security namespaces and types to implement best-practices in your applications, including evidence, permissions, code identity and security policy, and role based and Code Access Security (CAS); use the .NET cryptographic APIs , from hashing and common encryption algorithms to digital signatures and cryptographic keys, to protect your data; and use COM+ component services in a secure manner. If you program with ASP.NET will also learn how to apply security to your applications. And the book also shows you how to use the Windows Event Log Service to audit Windows security violations that may be a threat to your solution.
Über den Autor und weitere Mitwirkende
Adam Freeman is a professional programmer and the author of two early Java books, Programming the Internet with Java and Active Java, both published by Addison Wesley, as well as Java course materials. His recent experience architecting a green-field e-commerce platform has given him an in-depth understanding of the current security challenges facing those developing large scale distributed systems. Adam has previously worked for Netscape, Sun Microsystems and the NASDAQ stock exchange.
Allen Jones has been developing Windows solutions since 1990 and working with Windows NT and Win32 since 1993. He was one of the first MCSEs to qualify anywhere in the world. For the last 3 years, Allen has been developing e-commerce and security systems for large corporations and financial institutions. He is a former employee of Microsoft in both Australia and the UK and co-author, with Adam Freeman, of C# for Java Developers and .NET XML Web Services Step by Step , both from Microsoft Press.
|5 Sterne (0%)|
|4 Sterne (0%)|
|3 Sterne (0%)|
|2 Sterne (0%)|
|1 Stern (0%)|
Die hilfreichsten Kundenrezensionen auf Amazon.com
Part 3 is all about Cryptography. This is the most useful part of the book covering Hashing, Symmetric and Asymmetric algorithms, Key exchange and Digital signatures. All cryptography classes presented in the book are part of latest edition of framework just few more algorithms have been added. Cryptography chapters are not useful just for their API coverage, but also because they provide excellent introduction to cryptography itself. Algorithms are presented in understandable way with nice, clean figures.
Part 4 is about security aspects of ASP.NET, COM+ and Log service. Honestly just last chapter (Log service) is useful. Coverage of ASP.NET and COM+ is just on very basic level and COM+ is now in fact dead technology. Last part is reference to all security-related classes. These chapters are not much useful. MSDN documentation is sufficient.
The book uses similar pattern in most chapters. First few pages in each one give you theoretical introduction into technology. After that, there is a presentation of corresponding .NET API and most chapters are finished with complete solution how to customize presented technology. For instance the book contains implementation of custom symmetric and asymmetric algorithms. This pattern is little bit 'dry' especially in Part 2 and 4 but very helpful in cryptography chapters where solid theoretical background is must before you can move to API.
So, I can say, that even 10 years after publication some parts of Programming .NET Security are still valuable. Especially part 3 Cryptography is perfectly valid in .NET 4.5. If you need to use cryptography in your projects, the book gives you great intro into it.
I was waiting for a book like this. Before this book I've had to scour over the internet to try to find out how to get the different areas of security in .NET to work. Now it's all here in one book. The theory, the explanations, the warnings, the samples. If you are a serious .NET programmer or .NET policy administrator then this is a must have book. If you don't know the difference between "host evidence" and "assembly evidence", then you need this book. If you don't know the difference between a "security demand" and a "permission request", then you are dangerous to the people you do work for.
Also, make sure you know the basics already of the language and the framework since this book assumes you do. Good luck.
I get really excited about a book when it contains a lot of good information and I am able to actually use it to solve real-world problems. After reading this book, I was able to help solve a really tricky (and politically challenging) security issue quite quickly. If you have anything to do with your company's security systems or write any .NET code, I think this book deserves a place in your reference section. This is certainly the best book on .NET security I have read thus far.
The bottom line, we are awash in bad code and the vulnerabilities that result are the fundamental reason there are so many exploits. When you consider that in the scale of a federated system it is not a pretty thought. Someday there will be building codes for software, but in the meantime, if you are a responsible citizen of this planet and you are involved in .Net development, buy your coders this book. Invest the time to be able to quiz them and do so. Make sure they understand the issues, especially with Chapters 18 and 19, ASP.NET and COM+.