Chapter 7 - Securing Your DNA Applications

Ask a programmer whose job it is to implement the appropriate levels of security for a distributed application and they'll tell you it's the responsibility of the network administrator. Ask the network administrator and they'll tell you that they don’t know how the program works, and that it's the programmer's job. If this sounds a familiar situation in your business then you're not alone. After fighting with the technology for as long as it takes to build an even reasonably complex application, the average programmer is often pleased just to get it all working.

Of course you're not just an average programmer, but no doubt the previous paragraph has at least a ring of truth to it. Security in Windows NT is a system-wide issue, and your applications depend on a lot of operating system configurations as well as the code you write within the application.

In this and the next chapter we'll examine how Windows NT and the Distributed interNet Applications (DNA) architecture fit together to allow you to provide a secure environment for your applications. This isn't going to be an exhaustive exploration of every issue, because if you've got this far you'll already be familiar with the main concepts of Windows NT and the ways that it's security features can be used. Instead, we'll be concentrating on the topics concerned with the technologies like Active Server Pages, Microsoft Transaction Server, and Microsoft Message Queue Server that we've been using in this book. However, because implementing security in these areas is tightly integrated with Windows NT security, we'll show you in overview how all the parts fit together.

In this chapter you'll find:

• An overview of Windows NT Integrated Security features.
  
  
• The three core concepts of security: Authentication, Encryption, and Auditing.
  
  
• The particular issues that are involved in Web-based applications.
  
  
• The ways that we can implement these core concepts in our applications.

In the next chapter we'll move on to look at the security issues involved with MTS and MSMQ, and take a brief look at some of the ways that we need to protect our data sources. In both chapters, we provide you with a guide to the things you should be considering, and point you to where you can find out more information about them.

To start with, we'll briefly see how Windows NT Integrated Security fits together.

© 1998 by Wrox Press. All rights reserved.