Know about security
Role-based security is not new to the .NET Framework. If you already have experience with developing COM+ components, you have surely come across role-based security. The concept of role-based security for COM+ applications is the same as for the .NET Framework. The difference lies in the way in which it is implemented. If we talk about role-based security, the same example comes up, over and over again. This is not because we can't create our own example, but because it explains role-based security in a way everyone understands. So here it is: You build a financial application that can handle deposit transactions. The rule in most banks is that the teller is authorized to make transactions up to a certain amount, let's say $5,000. If the transaction goes beyond that amount, the teller's manager has to step in to perform the transaction. However, because the manager is only authorized to do transactions up to $10,000, the branch manager has to be called to process a deposit transaction that is over this amount.
Therefore, as you can see, role-based security has to do with limiting the tasks a user can perform, based on the role(s) he plays or the identity he has. Within the .NET Framework, this all comes down to the principal that holds the identity and role(s) of the caller. Every thread is provided with a principal object. In order to have the .NET Framework handle role-based security in the same manner as it does code access security, the permission class PrincipalPermission is defined. To avoid any confusion, PrincipalPermission is not a derived class of CodeAccessPermission. In fact, PrincipalPermission holds only three attributes: User, Role, and the Boolean IsAuthenticated.
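Here is the bank deposit rule above enforced with PrincipalPermission, as an added example that is not from the original post. It targets the .NET Framework; the role names, user names and the `DepositDesk` class are assumptions, as is the rule that a higher role may also perform the smaller deposits.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

static class DepositDesk
{
    // Build "caller is authenticated and holds any one of these roles".
    static IPermission AnyOf(params string[] roles)
    {
        IPermission p = new PrincipalPermission(null, roles[0]);
        for (int i = 1; i < roles.Length; i++)
            p = p.Union(new PrincipalPermission(null, roles[i]));
        return p;
    }

    // Limits are the ones from the text; role names are assumed for this example.
    static void Deposit(decimal amount)
    {
        if (amount <= 0m) throw new ArgumentOutOfRangeException("amount");
        IPermission required =
            amount <= 5000m  ? AnyOf("Teller", "Manager", "BranchManager") :
            amount <= 10000m ? AnyOf("Manager", "BranchManager") :
                               AnyOf("BranchManager");
        // Demand checks Thread.CurrentPrincipal and throws SecurityException on failure.
        required.Demand();
        Console.WriteLine("  deposited {0:C}", amount);
    }

    static void TryAs(string user, string role, decimal amount)
    {
        // The principal holds the caller's identity and role(s) for this thread.
        Thread.CurrentPrincipal =
            new GenericPrincipal(new GenericIdentity(user), new[] { role });
        Console.WriteLine("{0} ({1}) deposits {2:C}:", user, role, amount);
        try { Deposit(amount); }
        catch (SecurityException) { Console.WriteLine("  denied: role not authorized"); }
    }

    static void Main()
    {
        TryAs("alice", "Teller", 4000m);
        TryAs("alice", "Teller", 7500m);
        TryAs("bob", "Manager", 7500m);
        TryAs("bob", "Manager", 12000m);
        TryAs("carol", "BranchManager", 12000m);
    }
}
```

The check sits inside `Deposit` itself, so every caller is subject to it regardless of which UI or service layer invoked the method.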
Sunday, December 30, 2007 at 7:26 PM Posted by Deepak
Thursday, December 27, 2007 at 7:23 PM Posted by Deepak
The .NET Framework is based on the concept of distributed applications, in which an application does not necessarily have a single owner. To address the problem of which parts of the application (that is, which assemblies) to trust, code access security (CAS) is introduced. This is a very powerful way to protect the system from code that can be malicious or just unstable. Remember that it is always active, even if you do not use it in your own code. CAS helps you in:
■ Limiting access permissions of assemblies by applying security policies
■ Protecting the code from obtaining more permissions than the security policy initially permits
■ Managing and configuring permission sets within security policies to reflect the specific security needs
■ Granting assemblies specific permissions that they request
■ Enabling assemblies to demand specific permissions from the caller
■ Using the caller's identity and credentials to access protected resources
Tuesday, December 25, 2007 at 7:17 PM Posted by Deepak
Code access security and role-based security are the most important vehicles to carry the security through your applications and systems. However, let it be clear that we are not discussing VB or C# security, but .NET security; that is, the security defined by the .NET Framework and enforced by the CLR. Since the .NET Framework namespaces make full use of the security, every call to a protected resource or operation when using one of these namespaces automatically activates the code access security (CAS). CAS is not activated only if you start up the CLR with the security switched off. The CLR is able to "sandbox" code that is executed, preventing code that is not trusted from accessing protected resources or even from executing at all. Hopefully, anyway. (Didn't we hear this before when Java came out?) We discuss this more thoroughly in the Code Access Security section later in this chapter. What is important to understand is that you can no longer ignore security as a part of your design and implementation phase. It is a priority to safeguard your systems from malicious code, and you also want to protect your code/application from being "misused" by less-trusted code. This is the sort of situation that viruses take advantage of, like CodeRed's use of buffer overflows in Microsoft's IIS server software. For example, let's say that you implement an assembly that holds procedures/functions that modify Registry settings. Because these procedures/functions can be called by other unknown code, they can become tools for malicious code if you do not incorporate the .NET Framework security as part of your code. To be able to use the .NET security to your advantage, you need to understand the concepts behind the security.
Saturday, December 22, 2007 at 6:58 PM Posted by Deepak
Hi guys and girls!!
Today I am going to discuss the technical terms involved in XML. I will help you get to know this topic. Here my discussion goes...
XML and XSL are very powerful tools, and when wisely and somewhat ideally wielded can create Web applications that are simpler to maintain because of the enforced separation of data and presentation. With a little planning, you can reduce the amount of code necessary by compartmentalizing key aspects of functionality using XML and XSL and reusing them throughout the application. Along with changing the way in which your components communicate within your application, XML will change the methods by which entities may communicate over the Internet, while trying to cram it all through port 80 HTTP or HTTPS requests. XML and XSL are open standards, which is one of the reasons why these standards have become so popular. Many times, XML schemas are published by organizations to standardize industry- or business-related information. This is done in the hopes of further automating business processes, increasing collaboration, and easily integrating with new business partners over the Internet. Others, like Microsoft, try to use the framework of collective industry agreements to advance their own proprietary version of a technology. Indeed, it may well be that the greatest risk associated with .NET is the corral that Microsoft puts you into when you use their version of web-based services. One can never be sure that someone won't at some point close the gate behind you and declare the party over. If you depend on third-party services for your own mission-critical business functions, you are always held hostage by that provider. As always, secure design and architecture are key to making sure that none of that information is compromised during the exchange. The next sections provide a basis for understanding and using the XML encryption and digital signature specifications.
Is this helpful to you? I hope your answer is yes. I have a lot more information to discuss, so please visit me again, pals.
Sunday, December 9, 2007 at 3:30 PM Posted by Deepak
Saturday, December 8, 2007 at 6:54 PM Posted by Deepak
On the eighth of February 1912, a small group of officials arrived at City Hall Park on Manhattan's Broadway street. The men gathered at one grassy corner of the park grounds, where a long-neglected iron grating protected the entrance to a seemingly unremarkable ventilation shaft. The heavy, rust-encrusted grille was pried from its resting place, and with lanterns in hand the men descended one by one into the cavity. About twenty feet below the pavement the group emerged into an eight-foot-wide brickwork tube, the end of which was beyond the immediate reach of the lights. The sturdily-constructed tunnel was a relic from the years following the American Civil War, and it had remained virtually forgotten beneath the streets of New York since its main entrance was sealed sometime around 1880. As the men explored, they found the tunnel in remarkably good condition in spite of its age. When they reached the end of the tube, the men happened upon the wrecked remains of a unique mechanism for transport: a pair of carriages from America's first subway, the experimental and ill-fated Pneumatic Transit System.
Wednesday, December 5, 2007 at 6:47 PM Posted by Deepak
Actually if you look at any modern road bike you'll notice that the handlebars are usually at the same level, or below the seat. It looks awkward until you ride one, you'll see when you do. As for the design, how does it steer, it seems the front fork is fused to the rest of the frame, rendering a bike that cannot turn. Additionally, the wheels, although nice looking would flex badly as you rode over bumps, it would absorb bumps but make for a very wobbly and inefficient bike.
Saturday, December 1, 2007 at 6:36 PM Posted by Deepak
well testi for Deepak makes me pull a lot of threads from my past.....he is a totally out of the fun loving guy....a gaming freak who is always glued to his monitor most of the time....when a new game hits the market,my only trusted pundit(that includes movies too....we share the same taste )...He is not a nerd but can grasp concepts well....he shares his football views with me which is most of the time arguable ..... a busy bee.....catching this guy is a bit busy as alwayz pre-occupied with his friends....not a slave of brands(i wonder how is it poss?? )....loves to hang around with ppl a lot....he is a guy who has a high hankering for knowledge abt the latest advancements in our dimensional world...The one with whom u can discuss...Comes to play at times but prefers watching us play and make fun instead of kicking the ball.....we cant forget this guy as he has played an important role....and hope he plays more of his part better in the future...dude go ahead giant killer!!!