Designing Secure Web-Based Applications for Microsoft® Windows® 2000
| 2000-07-26 00:00:00 | | 0 | Windows
"Web-based applications" is getting to be a redundant term, but that only highlights the fact that up-to-date programmers need to be familiar with the strategies and practices used to build modern networked software. Designing Secure Web-Based Applications for Microsoft Windows 2000 explains precisely what its title specifies: the mechanisms for allowing Windows programs to communicate over the network while maintaining security, plus their ways of fitting into complete product architectures. It's a complete engineering document with considerable information on identifying security threats, giving them relative weight, and deciding how to deal with them in the designs of your systems. The author has both done his homework and worked in the industry, and it's a pleasure to read his distilled knowledge.
Early sections are rather academic (which is not to say they're not worthwhile), while later sections deal with specific security strategies and the security features of particular products. The author isn't vague--he tells you how he thinks you should design your programs (storing hashes, instead of passwords, in a database to allow for intrusion into the database, for example) and what specifically you need to do (there's enough code here to give heft to what otherwise would be purely high-level advice). Although the author sticks to the Microsoft world, he isn't reluctant to point out security problems in Windows. This is a great volume for anyone designing Windows software that will share information over a network and need to use authentication, nonrepudiation, encryption, and other security techniques. --David Wall
Topics covered: Network security features of Windows 2000, Internet Explorer 5.0, SQL Server 7.0, SQL Server 2000, and COM+ 1.0, as well as the engineering tradeoffs involved in making software secure enough for safety, but open enough for reliability.
User review
Best book I read on the subject
enjoyable and very informative
User review
Very beneficial.
I had no background in networking and Windows security. This book allowed me to understand how to employ security in Windows distributed applications. It was not easy to read but I worked hard and obtained the knowledge I always wanted to have. Many thanks to the authors.
User review
The most complete web application security on the market
This book covers all issues pertaining to building and securing web applications. From the browser all the way to the database server. This is the only book I've read which includes database and component security as a critical part of the solution.
Highly Recommended.
User review
Exceptional
Incredible security coverage of IIS, Windows 2000, COM+, IE and SQL Server. The best IIS security book out there. But it focuses on other topics, not just IIS.
User review
Worse than nothing
Probably the worst book I've read on IIS security. This is what the book says on setting File security on your web: "use the wizard".
Book contains basic school book information on security but nothing specific on what to do.
There are chapters on using SQL Server (yes, in an IIS book) but nothing on using Oracle or other databases.