IN THIS CHAPTER

Designing for security

Building secure Windows and web applications

Digging into System.Security

Security is a big topic. Ignoring for a moment all the buzzwords surrounding security, you likely realize that you need to protect your application from being used by people who shouldn’t use it. You also need to prevent your application from being used for things it shouldn’t be used for.

At the beginning of the electronic age, security was usually performed by obfuscation. If you had an application that you didn’t want people peeking at, you just hid it, and no one would know where to find it. Thus, it would be secure. (Remember War Games, the movie in which the military assumed that no one would find the phone number needed to connect to its mainframes — but Matthew Broderick’s character did?)

Using obfuscation obviously doesn’t cut it anymore; now you need to consider security as an integral requirement of every system that you write. Your application might not contain sensitive data, but can it be used to get to other information on the machine? Can it be used to gain access to a network that it shouldn’t? The answers to these questions ...