Moderator_MSDNIndia: (Sam) A lot of us here are in a decision-making process with regard to the dev platform, but get haunted by the security attacks on MS platforms and the subsequent patches!!!
Jonah_MS : Yes. Today MS .Net security is practical and established
Moderator_MSDNIndia: (Saran) In the Code access security we understood that the downloaded .NET code would not run without permissions
Jonah_MS : Many Qns- Few answers...1-You can set security based on evidence say URL or website or Dir
Moderator_MSDNIndia: (Baghzaad) Is it better to avoid windows authentication?
Jonah_MS : No...Not at all.
Jonah_MS : Win auth is a way to implement security, identity, single sign-on and more
Moderator_MSDNIndia: (sam) A lot of government data centers in China and Japan are moving to LINUX...the reasoning is security. Is this true?
Jonah_MS : 1-What is the source of this info 2-It is a perception
Moderator_MSDNIndia: (Security_Kid) do you think implementing a security module to perform encryption/decryption in a dot net project is a good architectural practice?
Jonah_MS : Use the dotnet library provided security and cryptography functions
Moderator_MSDNIndia: (Security_Kid) What type of methods / crypto functions are available in .NET framework?
Jonah_MS : SHA1, MD5 and many other hash algorithms are available for cryptography you can use DES, Triple DES...
Jonah_MS : Implementing your own is cumbersome and still not secure. I will avoid it
Jonah_MS : Any other questions?
Moderator_MSDNIndia: (Security_Kid) Can I prevent a dot net app using my file system?
Jonah_MS : Yes. Use the permission class to give permission to a file or directory
Jonah_MS : You can give granular access to read or write access to file
Moderator_MSDNIndia: (Saran) When I deploy and run on the user's machine it gives a security exception. Could you explain why and how to overcome it?
Jonah_MS : This could not be a trusted assembly...use the .NET config tool and make the assembly a trusted assembly
Moderator_MSDNIndia: (Baghzaad) What r the drawbacks of using windows authentication?
Jonah_MS : Not that we know except in using disparate system
Moderator_MSDNIndia: (Security_Kid) What is the difference between code access security and evidence based security?
Jonah_MS : CAS(Code A...S...) is for implementing granular sec options. Evidence is to allow to download or run an assembly
Moderator_MSDNIndia: (Baghzaad) What type of authentication would u recommend for the ultimate security?
Jonah_MS : KERBEROS
Jonah_MS : Disparate means multiple platforms from multiple vendors
Moderator_MSDNIndia: (Saran) Instead of trusting an assembly on all the machines, is there a shortcut?
Jonah_MS : Use Sec policy to differentiate machines in different zones, intranet, internet
Moderator_MSDNIndia: (Security_Kid) What about security for normal 32bit and 16bit executables?
Jonah_MS : Non-dotnet code is not governed by the .NET framework or CLR
Moderator_MSDNIndia: (Security_Kid) What kind of security does .NET provide for web applications?
Jonah_MS : the server side CLR is applicable to Server side DLL and Assemblies...
Jonah_MS : Next Qn
Jonah_MS : yes
Moderator_MSDNIndia: (Security_Kid) Where can I find more information about .NET security?