Rating: Summary: A Comprehensive and Compact book Review: .NET Security ( http://www.amazon.com/exec/obidos/ASIN/1590590538/ ), by Jason Bock, Pete Stromquist, Tom Fischer, Nathan Smith, is a very good Intermediate level book. They have touched upon all of the topics of interest when it comes to security in the .NET Framework going into fair amount of details whenever necessary. First chapter starts off with an introduction to Cryptography, good for someone who is just starting off learning about cryptography, a good refresher for others who already know about the basics of cryptography. Second chapter then goes on to talk about how the various cryptography classes have been implemented in the .NET framework and how they can be used. They talk about both symmetric and asymmetric algorithms, Random Number Generation, Hashing etc. They even mention Salting, something that's not very well documented. Third chapter talks about Xml Encryption and including Digital Signatures in Xml Documents, this specification was so new when .NET came out that I was surprised to see the Xml Signature implementation in the System.Security namespace, the downside though as a result was very little documentation, not any more though, the third chapter talks about everything one needs to know about Xml Encryption and Signatures in detail. The fourth chapter goes into a good amount of detail on Code Access Security. The authors show a good mix of managing security using both code and also using the Control Panel utilities. They go on to write and deploy their own permission class. The rest of the book talks about Security when using Remoting and also Role Based Security, in short they talk about security considerations in every kind of scenario. The chapters on ASP.NET security and MS Passport were not that useful to me though since those topics have pretty much been beaten to death by every ASP.NET book out there.
Oh yes, the last chapter on the risks of decompiling .NET assemblies and suggestions on how to mitigate that was a good read. APress seems to have developed a knack for publishing books that are thin and to the point, this one is no exception, I'd give this book an 8 on 10. I would've given it a higher rating if it would've talked about the AllowPartiallyTrustedCallersAttribute, I think a discussion of CAS is incomplete without the mention of this attribute. Other books out there that cover Security in .NET are the following 1. .NET Framework Security ( http://www.amazon.com/exec/obidos/ASIN/067232184X/ ). I saw the table of contents for this book, it pretty much covered everything this book covers, this book was a whole lot thicker though, so I did thumb thru it at [a local store], thought the first 3 chapters or so were useless as they talked about security risks, thought that was pointless since I know pretty much what the risks are hence I am reading about security :), thought the .NET Security book by APress covered pretty much everything that this book has and in a more concise way...
Rating: Summary: A terse introduction only... Review: I bought this book in hopes it would add to the excellent information in the book ".NET Framework Security". Alas, the book's various topics are only given lip service. If you're looking for a hard core analysis of code access security, only buy this as a secondary reference.
Rating: Summary: Unfortunately, only good for a solid overview Review: It covered all the topics you would expect, but it is mostly just a good overview of .NET security. I expected more in-depth coverage for a book titled as such. It has only a very brief overview of encryption algorithms without enough real world examples in my opinion, being an advanced .NET programmer but new to the issue of security. The book is actually quite thin compared to its competition, so that should have tipped me off. You could go through it in a couple of days, but the price doesn't reflect that. I was really impressed with the .NET Programming with C# book from the same (small) publisher, so I was really hoping for a lot more. Consider the table of contents and decide for yourself whether this book warrants a purchase. It's a reasonably new topic of course so there are only a few other choices out there right now.
Rating: Summary: A Good Starting Book Review: This is a very good book for anyone new to .NET and/or security. The .NET documentation is missing in several areas and this book helps fill in the gaps that the docs have in security. But this book IS NOT a regurgitation of what I can find in the docs. It is new material. The first couple of chapters make it very clear how to do encryption with .NET. This is the first time I have seen an explanation for what the IV key is for in the encryption algorithms. I was pleasantly surprised to see the discussion in chapter 3 about XML encryption. The standards for this are just coming into scope and this chapter does a nice job of describing what is happening in this space. Code access security is a tough topic to cover in a short chapter but the authors do a good job. Again, there is a lot of hype about code access security but you have to look hard to find any real information about it. While I don't have to worry about this right now, this chapter gave me a good understanding of what is possible and how to do it. I also found the last chapters on remoting and ASP.NET interesting and learned a few things in each chapter. Is this book a 'cover everything including the kitchen sink' reference? No. But it is a very good book for anyone who wants a good, solid introduction to the capabilities of .NET security and cryptography. And for me, that is important! Give me information that I can use and work with now. Not more reference material that I need to digest and sort through.