Programming Defensively

Recall that I said that security is a holistic problem. It is not simply a matter of tuning Windows security and code access security; we need to consider how we write code too. Let me take a moment to address the “how” part of programming.

If a programmer writes classes with all public members, this code is at risk. The risk, again, is relative to the exposure to the outside world. For this reason, assigning moderately low-skilled object-oriented programmers to work on critical systems is like playing Russian roulette with a semiautomatic: every round is a loser. Additionally, if the DLLs that make up a system are downloaded to the client's PC, as is the case with smart clients (see Chapter 10) or various forms of .NET ...
