Re: Security Implementation

From: Peter (bjerkley_at_yahoo.com)
Date: 06/27/03 

Date: Fri, 27 Jun 2003 05:01:25 -0700

I agree with you, but as I was looking through the
security implementation documentation and resources, I do
not really see a big problem if the security is
implemented at the end of the project....but I do not have
much experience in this at all. So could you tell me what
potential problems could arise if I were to do the
security implementation at the end of the project? And if
it is done at the end of the project can this result in
potential re-coding of the forms or pages?

Thanks.

>-----Original Message-----
>The problem with security in today's applications is,
that the security is
>the last thing people think about. Normally security is
built last in the
>application and thus making applications insecure. I once
read a nice quote
>about security: "Security is like taxes, you know you
have to do it, but you
>always do it in the last minute."
>
>Security must be thought first during application design.
If you need a
>great reference on security, then read Michael Howard's
and David C.
>LeBlanc's book Writing Secure Code 2. It is a great book
from first page to
>the last.
>Another great online resources would be Building Secure
ASP.NET Applications
>available at
>http://msdn.microsoft.com/library/default.asp?
url=/library/en-us/dnnetsec/html/secnetlpMSDN.asp?
frame=true
>please read it. It will give you some great insights on
how security works
>in ASP.NET.
>
>Please don't underestimate the importance of the security
especially if you
>are building an Internet Commercial site.
>
>--
>Regards
>
>Matjaz Ladava, MCSE (NT4 & 2000)
>matjaz@ladava.com
>http://ladava.com
>
>"Peter" <bjerkley@yahoo.com> wrote in message
>news:08fa01c33c65$142e54d0$a101280a@phx.gbl...
>> Hi,
>>
>> I am trying to develop a commercial site and I've had
some
>> discussions with a few people about when to implement
the
>> security for the site. Some of my friends think that
>> security implementation should be done after all the
aspx
>> pages have developed, yet some say that it's best to
>> develop it up-front. Could somebody tell me what is the
>> sequence of activities for the security implementation
and
>> when it should be done i.e. beginning of the project or
at
>> the end of the project and what is the difference?
>>
>> Thanks,
>> Peter
>
>
>.
>

Relevant Pages

  • Re: Security Implementation
    ... your app will probably have a users database and roles of the users. ... > security implementation documentation and resources, ... >>are building an Internet Commercial site. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Security Implementation
    ... >> security implementation documentation and resources, ... >> potential problems could arise if I were to do the ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Access Project (adp) with Sql Server 2000 - First Connection Latency
    ... G> user (own security implementation) and these checks are done ... then keep adding components approaching your real adp and watch when the gap reappears. ... Specifically, remove "own security implementation". ...
    (microsoft.public.access.adp.sqlserver)
  • Security Implementation
    ... I am trying to develop a commercial site and I've had some ... security implementation should be done after all the aspx ... sequence of activities for the security implementation and ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: WEP or else ?
    ... Do you truly need wireless, or is it a few gadget heads that "need" it? ... > I am looking for a security implementation on Wireless to make it more ... > "WEP has security flaws in its implementations". ... > changes didn't work with leap. ...
    (microsoft.public.security)