Security has become an important topic for application developers, as more programs are required to function across networks of all types, including the Internet and company intranets. In this chapter, we will begin by discussing the level of security provided by Windows 98 and how it differs from Windows NT security. Then we will take a look at the Win32 security API, which is fully supported only by Windows NT. Even if you are developing software to run only under Windows 98, you should familiarize yourself with the security API. By understanding how Windows NT implements security for itself and makes security available for server applications, you will be aware of the issues that you need to consider when developing client applications that need to access secure data.
Next, we will look at an area of security that is available under both Windows 98 and Windows NT: data encryption and authentication, provided by the cryptography API (crypto API). Data authentication and confidentiality, online financial transactions, and protection from rogue software are reasons to enlist the help of cryptography. The crypto API provides a standard way to access encryption, hashing, signing, and authentication algorithms from a variety of security vendors.
Finally, we’ll wrap up the chapter by looking at some other security-related considerations, which will help you avoid potential pitfalls in designing secure applications.