.NET news » Security

Windows CardSpace replaces traditional username and password authentication with a tool that helps users better manage their digital identities and helps shield users from various forms of identity attack such as phishing. Michèle Leroux Bustamante explains how to integrate Windows CardSpace with your ASP.NET applications and Windows Communication Foundation services.

When something goes wrong, a manageable application will tell the administrator how to fix the problem. The Windows Event Log can provide the necessary information.

Understanding how the SQL Server and CLR security models work together to keep your database secure

This article attacks a problem for which I have heard many solutions: How can I offer file downloads on the Internet and protect them from unauthorized downloading? There are many answers to this problem, but some are not without their own problems. In this article, I’ll review some of the techniques commonly used by software vendors, and then show you my solution for this.

Vista's User Account Control (UAC) improves security, but making it work smoothly requires a little more developer work. Find out what you need to know to code Vista UAC-aware applications.

You always read how cookies play an important role in the security of a web application. Cookies have several uses in web applications, for instance ASP.NET itself uses cookies to identify a session, some sites use cookies to implement the feature of "remember me" when you log in to their site, other sites save user preferences in cookies. I am going to talk briefly about cookies and what makes them vulnerable to attacks, I will give some example of how cookies can be abused and finally I will talk about what we need to do to make our cookies bullet proof to defeat each one of the vulnerabilities.

In this article we start with a look at the T-SQL commands for performing asymmetric encryption and decryption. Next, we discuss using digital signatures as a means for ensuring the integrity of the encrypted data. This article concludes with an ASP.NET 2.0 website example that ties together the lessons learned throughout this article series. Specifically, the database used by this ASP.NET application stores customer information with the customer's credit card information encrypted. An ASP.NET page provides a means to view the sensitive information in plaintext as well as a means to add new customers to the database with the credit card information properly encrypted.

This article describes how to get information about digital certificates stored on your local machine. It also shows how to search certificate by name and retrieve certificate hash.

As the attacks in which hackers use become more and more sophisticated, and the programs in which they attack become increasingly complex, encryption is becoming the last line of defense in database management system (DBMS) security.

In this article we will look at how, specifically, to encrypt the data in a SQL Server 2005 database using symmetric encryption techniques. We'll start with examining the facilities for managing keys in SQL Server and then explore symmetric encryption in SQL Server 2005.

As the attacks in which hackers use become more and more sophisticated, and the programs in which they attack become increasingly complex, encryption is becoming the last line of defense in database management system (DBMS) security. Since Microsoft announced their Trustworthy Computing security initiatives four years ago, the industry has been waiting to see how these initiatives would be implemented in upcoming products. With the introduction of Microsoft's newest DBMS, SQL Server 2005, it does indeed seem as though they have provided what they have promised.

What follows is a two-part article series that provides an in-depth examination of encrypting data in SQL Server 2005. In this article we will exploring key challenges facing database systems and the motivations for providing robust encryption mechanisms directly within the database system. We will also look at encryption fundamentals and SQL Server 2005's encryption capabilities.