More actions
Up Development guide

Secure

Last modified on August 15, 2012 17:20

Every application, whether a 2-tier or n-tier desktop application used only within an organization or an ASP.NET or Silverlight application accessible across the internet, must consider its threat exposure.  

Consider the following:

  • Any client-side code, including Silverlight applications, can be easily disassembled (e.g., using Reflector or Silverlight Spy)
  • All messages to and from a server can be easily intercepted and monitored (e.g., using Fiddler)

If we assume that both the client and the transport are exposed and can be compromised, then we need to consider the risks to the application, its users, and the organization.  Does your application contain sensitive information which should be restricted to certain users?  Does it contain personal information such as an individual's health record or financial data?  Are only paid users allowed access?  If guest users are permitted, what data and operations can they access?

Silverlight applications have additional challenges.  Because it’s often used to create public-facing applications, Silverlight is inherently more dangerous than in-house applications that run behind a firewall or over a VPN.  Will your Silverlight application run out-of-the-browser?  Will it use Isolated Storage?  Will it access services on other domains? 

As a developer you must ask all these questions, and many more, as you build and secure your application.  In the following sections we'll look at how DevForce can help in authenticating and authorizing users, and other actions you can take to build a secure application.

In the following topics we'll discuss various aspects of securing your application:

  • Authentication - the process of validating a user's identity
  • Authorization - how to ensure the user accesses only the information allowed
  • Additional steps - additional steps you can take in locking down your application

Additional Resources

Since we can't cover every aspect of security here, we encourage you to learn more about this topic.  Here are a few links to get started:

  • Silverlight Security MSDN article
  • Ward Bell's DevConnections 2010 slides on Silverlight security
  • See just how easy it is to eavesdrop on HTTPS traffic with Fiddler
Tags: Security
Created by DevForce on February 08, 2011 12:08

Navigation

Tag Cloud

  1. Data Binding
  2. Data Sources
  3. Design Views
  4. Validation
  5. Anonymous
  6. Architecture
  7. ASP.NET
  8. Asynchronous
  9. Attach
  10. Azure
  11. CacheQueryOptions
  12. Caching
  13. Closure
  14. Cocktail
  15. code first
  16. Code Generation
  17. Code Sample
  18. Concurrency
  19. Configure
  20. Cookbook
  21. Create
  22. Debug
  23. Delete
  24. Deploy
  25. DevForce 2010
  26. DevForce Classic
  27. DevForce-Caliburn framework
  28. Disconnect
  29. Discovery
  30. Display
  31. Dynamic query
  32. EDM
  33. EDMX
  34. Entity cache
  35. Entity Framework
  36. EntityAspect
  37. EntityCache
  38. EntityKey
  39. EntityKeyQuery
  40. EntityManager
  41. EntityProperty
  42. EntityQuery
  43. EntityQueryOperation
  44. EntitySaveOperation
  45. EntityServer
  46. EntityServerSaveInterceptor
  47. EntityState
  48. EntityVersion
  49. ESQL
  50. Exception
  51. Extensibility
  52. Extension
  53. Faking
  54. Fetching
  55. FetchStrategy
  56. Getting started
  57. IIS
  58. Include
  59. Interception
  60. iOS
  61. IVerifierProvider
  62. JavaScript
  63. LINQ
  64. Localization
  65. Log
  66. MEF
  67. MergeStrategy
  68. Metadata
  69. MetadataType
  70. Model
  71. Multi-threading
  72. MVVM
  73. Navigation
  74. NET Native
  75. Object Mapping
  76. OData
  77. Offline
  78. Paging
  79. Performance
  80. Persistence
  81. POCO
  82. Predicate
  83. PredicateBuilder
  84. PredicateDescription
  85. Prism
  86. Property Interceptors
  87. PropertySortSelector
  88. Push
  89. Query
  90. Query cache
  91. Query Inversion
  92. QueryStrategy
  93. Refetch
  94. Refresh
  95. Release Notes
  96. Sample Application
  97. Save
  98. SaveOptions
  99. SaveResult
  100. SaveStatus
  101. Saving
  102. Security
  103. Serialization
  104. Silverlight
  105. Stored Procedure
  106. Support
  107. Telerik
  108. Template
  109. Test
  110. ToQuery
  111. Tour
  112. Transactions
  113. Troubleshooting
  114. UAP
  115. UWP
  116. Validation
  117. Verifier
  118. VerifierEngine
  119. Video
  120. WCF
  121. Windows 10
  122. Windows Phone
  123. Windows Store
  124. WinForms
  125. WinRT
  126. WIP
  127. WPF

Spaces

 | 2009Documentation | Documentation

This wiki is licensed under a Creative Commons 2.0 license. XWiki Enterprise 3.2 - Documentation. Copyright © 2020 IdeaBlade