Saturday, May 3, 2008

DIRECT SUPPORT FOR SECURITY



Developing an application that resides on a user’s desktop system and uses only the user’s local resources is easy from a security point of view, because security simply isn’t a consideration in this scenario. Security becomes much more important when you create applications that access data on remote systems, or applications that perform privileged tasks on behalf of nonprivileged users, because you may have to authenticate users, and encryption (scrambling to avoid eavesdropping) may be necessary to secure data communications.


Windows NT, Windows 2000 and Windows XP have a number of security features based on access control lists (ACLs). An ACL contains a number of entries that specify which users may access, or are explicitly denied access to, resources such as files and printers. ACLs are a great way of protecting executable files (applications) from unauthorized access, but they do not secure all parts of the file. The .NET Framework enables both developers and system administrators to specify method-level security. Developers (through an easy-to-use programming language construct called attributes) and system administrators (by using administrative tools and by editing an application’s configuration file) can configure an application’s security so that only authorized users can invoke a component’s methods.
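Method-level security through attributes, as described above, shown as an added example that is not from the original post. It assumes the .NET Framework's role-based `PrincipalPermission` attribute; the class, method, role and user names are hypothetical.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

// Hypothetical component: class, method and role names are illustrative.
public class PayrollService
{
    // Declarative demand: the runtime checks Thread.CurrentPrincipal before
    // the method body runs and throws SecurityException if the caller is
    // not authenticated or is not in the "Managers" role.
    [PrincipalPermission(SecurityAction.Demand, Authenticated = true, Role = "Managers")]
    public string ApproveRaise(string employee)
    {
        return "Raise approved for " + employee;
    }

    // No attribute: any caller may invoke this method.
    public string GetOfficeHours()
    {
        return "09:00-17:00";
    }
}

public static class Demo
{
    // Invokes the protected method as a constructed identity and
    // returns either the method's result or a denial message.
    static string CallAs(string user, string[] roles)
    {
        Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(user), roles);
        try { return new PayrollService().ApproveRaise("bob"); }
        catch (SecurityException) { return "Denied for " + user; }
    }

    public static void Main()
    {
        // Constructed sample callers: one in the required role, one not.
        Console.WriteLine(CallAs("alice", new[] { "Managers" }));
        Console.WriteLine(CallAs("carol", new[] { "Clerks" }));
        Console.WriteLine(new PayrollService().GetOfficeHours());
    }
}
```

The demand is enforced per method, so the same assembly can expose `GetOfficeHours` to everyone while restricting `ApproveRaise`, which a file ACL on the executable cannot express.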

The .NET Framework uses industry-standard protocols such as TCP/IP and means of communication such as the Extensible Markup Language (XML), Simple Object Access Protocol (SOAP, a standard application messaging protocol), and HTTP to facilitate distributed application communications. This makes distributed computing more secure, because .NET developers cooperate with network connectivity devices as opposed to attempting to work around their security restrictions.