Chapter 1. Writing Secure Code

In This Chapter

  • Designing for security

  • Building secure Windows and Web applications

  • Digging into System.Security

Security is a big topic. Ignoring for a moment all the buzzwords surrounding security, I'm sure you realize that you need to protect your application from being used by people who shouldn't use it. You also need to prevent your application from being used for things it shouldn't be used for.

At the beginning of the electronic age, security was usually performed by obfuscation. If you had an application that you didn't want people peeking at, you just hid it, and no one would know where to find it. Thus, it would be secure. (Remember War Games, the movie in which the military assumed that no one would find the phone number needed to connect to its mainframes — but Matthew Broderick's character did?)

That obviously doesn't cut it anymore; now you need to consider security as an integral requirement of every system that you write. Your application might not contain sensitive data, but can it be used to get to other information on the machine? Can it be used to gain access to a network that it shouldn't? The answers to these questions matter.

The two main parts to security are authentication and authorization. Authentication is the process of making sure a user is authentic — that the user is who he claims to be. The most common method of authentication is to require the use of a username and password, though other ways exist, such as thumbprint scans. ...

Get C# 2010 All-in-One For Dummies® now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.