Chapter 23. Creating Secure Code: What All .NET Framework Developers Need to Know
By Rudi Martin
IN THIS CHAPTER
So far, we have dealt with the .NET Framework security system primarily from an abstract, conceptual level or from the point of view of an administrator. The following chapters (23 through 26) focus on a developer-oriented approach. This encompasses the entire development life cycle: from initial architecture and design to implementation, testing, and maintenance.
We'll discuss the mechanics of designing and writing your own secure code: common strategies, pitfalls, and trade-offs. Where appropriate, we'll discuss details of the .NET Framework's own security design and implementation.
This chapter will concern itself principally with describing what exactly we mean by security and defining the bounds of the .NET Framework security system. You will gain insight into the following topics:
What constitutes “secure” code
How security enforcement is split between the .NET Framework and the operating system
What the .NET Framework security system can and cannot do to protect your applications