.NET news » Search results

Visual Studio's code analysis feature offers hidden extensibility opportunities for writing custom security code review rules.

In today’s post I will describe different security settings of the application pool and the IIS6 directory. It’s not always easy to guess which permissions must be set on system folders and files in order to make the application run … Continue reading →

Windows Communication Foundation (WCF) is a secure, reliable, and scalable messaging platform for the .NET Framework 3.0.With WCF, SOAP messages can be transmitted over a variety of supported protocols including IPC (named pipes), TCP, HTTP and MSMQ. Like any distributed messaging platform, you must establish security policies for protecting messages and for authenticating and authorizing calls. This article will discuss how WCF accomplishes this.

Bringing the Common Language Runtime (CLR) into SQL Server presents an entirely new set of challenges with regard to privilege and some of the rules that SQL Server developers are used to do not completely translate. Simple grant/deny/revoke logic still applies, but the CLR also brings its own set of specialized permissions, which require slightly different handling in order to properly manipulate.

By not carefully considering these issues when designing your SQLCLR code base, you may be allowing your code too much access.

This article focuses on what the SQLCLR permission sets do to control security and reliability, and what you need to understand when working with them in order to design a system that takes advantage of least privilege. By not carefully considering these issues when designing your SQLCLR code base, you may allow your code too much access, thereby creating potential vectors for security problems down the road..

Learn about the new claims-based identity model in Microsoft SharePoint Server 2010 as you explore the process of building a custom claims provider in SharePoint, integrating it with FAST Search and managing claims-enabled content.

Session Management, Navigation, Security and Data Sharing aspects of SOHA - Service Oriented HTML Application.

Cyber warfare:It’s a brave new world

As the attacks in which hackers use become more and more sophisticated, and the programs in which they attack become increasingly complex, encryption is becoming the last line of defense in database management system (DBMS) security. Since Microsoft announced their Trustworthy Computing security initiatives four years ago, the industry has been waiting to see how these initiatives would be implemented in upcoming products. With the introduction of Microsoft's newest DBMS, SQL Server 2005, it does indeed seem as though they have provided what they have promised.

What follows is a two-part article series that provides an in-depth examination of encrypting data in SQL Server 2005. In this article we will exploring key challenges facing database systems and the motivations for providing robust encryption mechanisms directly within the database system. We will also look at encryption fundamentals and SQL Server 2005's encryption capabilities.

Hard coding passwords into your application or your web site is a bad thing. Barry looks at how we can use trusted connections to provide the authentication we need, without the need for these potential security hazards.

Whenever you build a new system you should consider how an in¬truder might go about attacking it and then build in appropriate defenses at design time.