Spending a Saturday at Security code camp in Reston

A beautiful, crisp, fall Saturday with plenty of sunshine and fresh air. But I chose to spend it locked in a room full of about a hundred other people, talking about .NET security at the Mid Atlantic Security Code Camp hosted by G. Andrew Duthie. If you have a chance, I would strongly recommend one of…


Letting SQL 2005 do the heavy work of encrypting data

Many of the developers I work with go through the pain of trying to figure out how to encrypt data before passing it on to the database tier. What encryption algorithms do I use? What key length? How do I create an operational infrastructure to manage my keys, and what happens if they are compromised….


Security Patterns and Practices – ADO.NET 2.0

The Patterns and Practices team have come out with new guidance and best practices surrounding ADO.NET 2.0. A great synopsis of all things most folks already know – but some new and interesting content around partial trust apps, and signing your database code. This team has also created a WIKI out on Channel9 that allows you…


Security Trimming in ASP.NET 2.0

Dan Sellers talks about Security Trimming in ASP.NET as a great way to easily limit access to certain areas of your application to certain roles. I’ve never seen Dan’s blog before – but it’s chock full of developer security goodness! Subscribed. When Security Trimming is enabled the standard SiteMapProvider class invokes the “IsAccessibleToUser” method to…


Securing WPF when running in the browser

Karen Corby has written a great article about hosting Windows Presentation Foundation in the browser. At the end of the article are some really great little nuggets about security considerations and capabilities when running WPF in a ‘sandbox’. She’s also listed some good cross references to Security Whitepapers in Vista. The Windows Presentation Foundation Security whitepaper also talks…