We've gone through most of this book looking at ActiveX, COM, DCOM and component software, all the time avoiding the issue of security. This is not because security is a less important topic. Security is of paramount importance, and can't be treated lightly in a 'by the way' fashion within sections embedded in other chapters. With this is mind, we've opted to focus on it in its own independent chapter and thereby do it some justice.
Moreover, the sheer complexity of security concerns means they don't mix easily with other technical subjects that require their own focus. And the implementation of security measures in a distributed computing environment isn't simple. The situation is further aggravated by the set of new terminologies and jargon that the security industry employs. In this chapter, we'll demystify many of the concepts, and discover the available APIs, system objects, and built-in system features which facilitate the implementation of secure distributed computing systems.
On the other side of the coin, we'll see the roadblocks, harassment, and trepidation that an ActiveX component has to live and deal with in order to carry out its chores in a secured environment.
The branches of security that we'll be focusing on are those related to distributed component computing (i.e. COM and DCOM security), as well as web server extension security (i.e. IIS and ISAPI security).