Distributed systems security is a vast, intricate topic, and certainly COM+ makes it possible for mere mortals to secure systems in an elegant, productive, and extensible manner. All you have to do is understand a few simple security concepts, configure your applications properly, and let COM+ take care of the rest. However, no service is without a flaw, and COM+ security is no exception. Even though the following list of pitfalls may seem long, you should consider two things: first, considering how encompassing COM+ security really is, it is a surprisingly small list, as security affects almost everything you do in COM+. Second, this list describes only things I have encountered, and it is probably only partial. You will undoubtedly encounter other variations and pitfalls when you do your own development. However, with a solid understanding of the way COM+ security works, you should be able to isolate and troubleshoot the problems yourself. Some of the pitfalls have already been implied throughout this chapter, but the following is dedicated and explicit pitfall list.