Freigeben über


Security Considerations

When designing a server application, your design specification should address security issues. You should consider and can address the following items in the application's functional specification:

  • Security goals   Define what you need to protect.
  • Security risks   Understand the vulnerabilities of your application. You must also understand the significance of potential threats as they relate to your business.
  • **Authentication   **Describes the process of accepting credentials from a user and validating those credentials against a designated authority. The identity of the user, or possibly an application or computer, is referred to as a security principal. The client must provide credentials to allow the server to verify the identity of the principal. After the identity is known, the application can authorize the principal to access resources on the system.
  • Authorization   Describes the process of determining whether the proven identity is allowed to access a specific resource.
  • **Securing data transmission   **Ensure that data cannot be viewed or tampered with while in transit by using encrypting when it crosses the network. You must consider the level of security that you data needs while in transit.
  • Impersonation   Enables a server process to run using the security credentials of the client. When the server is impersonates the client, any operations performed by the server use the client's credentials. Impersonation does not allow the server to access remote resources on behalf of the client and requires delegation.
  • Delegation   Enables a server process to run using the security credentials of the client, similar to impersonation. However, delegation is more powerful and enables the server process to make calls to other computers while acting as the client.
  • Operating system security   Refers to the establishment of appropriate Access Control Lists (ACLs) and network security to prevent intruders from accessing secured resources. You must set the appropriate ACLs on the appropriate resources to allow access by only the relevant principals.
  • Securing physical access   Refers to storing the server computer in a secure room. You should not overlook this fundamental issue.
  • Code access security    Enables code to be trusted to varying degrees depending on where it originates and other aspects of the code's identity. You should be aware of how to create your own access permissions.

See Also

Security Planning | Security Risks for Visual FoxPro Developers