Re: Security Implementation
From: Matjaz Ladava (matjaz_at__nospam_ladava.com)
Date: 06/27/03
- Next message: Paul Ingles: "Re: RSACryptoServiceProvider - Decrypting then Encrypting"
- Previous message: Shannon Cayze: "File access denied"
- In reply to: Peter: "Re: Security Implementation"
- Next in thread: Peter: "Re: Security Implementation"
- Reply: Peter: "Re: Security Implementation"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 27 Jun 2003 15:43:13 +0200
Well, your app will probably have a users database and roles of the users.
In your application you will have to do a permission checks trough
PrincipalPermissions and IsInRole. Implementing this at the final stage of
the product will require product redesign and reprogramming. Why not do it
in the proper way at the begining ?
-- Regards Matjaz Ladava, MCSE (NT4 & 2000) matjaz@ladava.com http://ladava.com "Peter" <bjerkley@yahoo.com> wrote in message news:0c2a01c33ca3$d570a150$a101280a@phx.gbl... > I agree with you, but as I was looking through the > security implementation documentation and resources, I do > not really see a big problem if the security is > implemented at the end of the project....but I do not have > much experience in this at all. So could you tell me what > potential problems could arise if I were to do the > security implementation at the end of the project? And if > it is done at the end of the project can this result in > potential re-coding of the forms or pages? > > Thanks. > > >-----Original Message----- > >The problem with security in today's applications is, > that the security is > >the last thing people think about. Normally security is > built last in the > >application and thus making applications insecure. I once > read a nice quote > >about security: "Security is like taxes, you know you > have to do it, but you > >always do it in the last minute." > > > >Security must be thought first during application design. > If you need a > >great reference on security, then read Michael Howard's > and David C. > >LeBlanc's book Writing Secure Code 2. It is a great book > from first page to > >the last. > >Another great online resources would be Building Secure > ASP.NET Applications > >available at > >http://msdn.microsoft.com/library/default.asp? > url=/library/en-us/dnnetsec/html/secnetlpMSDN.asp? > frame=true > >please read it. It will give you some great insights on > how security works > >in ASP.NET. > > > >Please don't underestimate the importance of the security > especially if you > >are building an Internet Commercial site. > > > >-- > >Regards > > > >Matjaz Ladava, MCSE (NT4 & 2000) > >matjaz@ladava.com > >http://ladava.com > > > >"Peter" <bjerkley@yahoo.com> wrote in message > >news:08fa01c33c65$142e54d0$a101280a@phx.gbl... > >> Hi, > >> > >> I am trying to develop a commercial site and I've had > some > >> discussions with a few people about when to implement > the > >> security for the site. Some of my friends think that > >> security implementation should be done after all the > aspx > >> pages have developed, yet some say that it's best to > >> develop it up-front. Could somebody tell me what is the > >> sequence of activities for the security implementation > and > >> when it should be done i.e. beginning of the project or > at > >> the end of the project and what is the difference? > >> > >> Thanks, > >> Peter > > > > > >. > >
- Next message: Paul Ingles: "Re: RSACryptoServiceProvider - Decrypting then Encrypting"
- Previous message: Shannon Cayze: "File access denied"
- In reply to: Peter: "Re: Security Implementation"
- Next in thread: Peter: "Re: Security Implementation"
- Reply: Peter: "Re: Security Implementation"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
