Denver Visual Studio User Group   www.DenverVisualStudio.net 

 
 Review Details

 
.NET Security and Cryptography
Author(s): Peter Thorsteinson, G. Gnana Arun Ganesh
Published: 2003, ISBN 0-131-00851-X, 496 pages
Publisher: Prentice Hall
 
 
 
 Review
 

 Five out of Five Stars
  Reviewed: December, 2003
  Reviewer: Sujan Turlapaty
 
     I enjoyed reviewing this book on .NET security and cryptography. This book provides a smooth flow of the concepts, beginning with two chapters of introduction and fundamental concepts of cryptography techniques. It is interesting to know that .NET supported so many techniques, from RSA and Triple DES to the latest XML and Web services security. The authors provide interesting scenarios and analogies of various techniques throughout the book.

     Chapters 3 and 4 describe both symmetric and asymmetric approaches to implementing cryptography. They provide code samples in the .NET Framework, and the source code examples can be useful in understanding the implementation. The asymmetric techniques cover the drawbacks of symmetric approaches and also provide scenarios where both techniques can be used together for better performance. The authors provide the popular asymmetric cryptography algorithms, such as RSA, with source code. Remember that the source code can be downloaded from the book’s web site; it doesn’t accompany the book on a CD.

     Chapter 5 begins with an introduction to hash algorithms and the differences between SHA1 and MD5. This might be useful for programmers who are looking for an introduction, and the authors do not presume that the readers are advanced security programmers. This chapter discusses the various techniques involved with digital signatures, the differences between the RSA and DSA algorithms, and also how each of them is implemented in the .NET Framework, with sample code and examples. The authors do try to provide the mathematical underpinnings of cryptography, but they provide value only if you are quite adept with the mathematical concepts. I should admit that the illustrations for RSA, DSA and XML signatures are quite rare to find in other books and really helpful.

     Chapter 6 discusses the latest topics on XML Encryption and Signatures. With XML being used everywhere, this chapter provides a good introduction to the .NET support for XML cryptography techniques. The authors provide detailed descriptions of the XML-related classes and methods and also provide a working example.

     Chapters 7 and 8 discuss the two important aspects of .NET security: user-based and code-based. They provide insights into .NET-level security and O/S-level security. The authors tried to provide programmatic support for the techniques in both approaches and also give the reader information about how to leverage each technique.

     Chapters 9 and 10 are well presented, with good code samples on ASP.NET and Web Services security. The authors have discussed Forms Authentication, Passport authentication and Web Services security in depth and provided relevant code samples.

     The Appendix on Web Service is worth reading for its good presentation.

     The authors missed the opportunity to provide a glossary of terms used in the book.

     In conclusion, the book is worth buying for above-intermediate-level .NET developers looking for a tutorial on .NET security and cryptography.
   
  Copyright © 2000 - 2008 Denver Microsoft® Visual Studio .NET User Group.
All Rights Reserved. Please see Notice