• .NET Security Blog

    Running Processes as a Different User

    • 14 Comments
    Before Whidbey, if you wanted to run code as a different user, you needed to use impersonation. There was no easy solution for starting a new process and having it run with a different user's credentaials. Probably the best solution in v1.0 and 1.1 of...
  • .NET Security Blog

    A .NET Developer's Guide to Windows Security

    • 3 Comments
    Keith Brown has made avaiable an online version of his book, The .NET Developer's Guide to Windows Security . You can browse the book for free, with a slightly modified title: A .NET Developer's Guide to Windows Security . I haven't had time to look through...
  • .NET Security Blog

    Making Strings More Secure

    • 40 Comments
    The standard System.String has never been a very secure solution for storing sensitive strings such as passwords or credit card numbers. Using a string for this purpose has numerous problems, including: It's not pinned, so the garbage collector can move...
  • .NET Security Blog

    Programming Language Evolution and Text on Potato Chips

    • 1 Comments
    I ran across Eric Levenez's Programming Language History page , its pretty fun to check out. He's got 50 programming languages starting from Fortran in 1954, going through PHP 4.36 in May 2004 plotted according to release dates and languages they evolved...
  • .NET Security Blog

    Using the XSLT Transform with XML Signatures

    • 5 Comments
    One of the transforms that ships with the .Net framework is the XmlDsigXsltTransform, which implements the XSLT transform specified in the W3C recommendation. A few people have asked me to write a bit on how to use this transform, so here's a brief explanation...
  • .NET Security Blog

    Managed DPAPI Part II: ProtectedMemory

    • 14 Comments
    Last week (ok, really two weeks ago ....), I wrote about using DPAPI with Whidbey. (You can find that post here: Managed DPAPI Part I: ProtectedData ). In addition to the ProtectedData class, Whidbey will also expose DPAPI through the ProtectedMemory...
  • .NET Security Blog

    Managed DPAPI Part I: ProtectedData

    • 13 Comments
    Overview of DPAPI Although APIs such as CAPI and the .NET System.Security.Cryptography classes make using cryptography relatively easy, one of the hardest things to do when implementing a secure cryptographic system is key management. In order to help...
  • .NET Security Blog

    New Microsoft Crypto Newsgroup

    • 4 Comments
    We've just launched a brand new newsgroup, microsoft.public.security.crypto, for questions and issues on all crypto related items (such as CAPI, CAPICOM, X509, etc). It was launched at about 11:00am this morning, so it may be some time before your news...
  • .NET Security Blog

    Arrays and SOS

    • 4 Comments
    Looking at arrays with SOS on WinDBG is not exactly the most intuitive process in the world. In order to demonstrate how to do this, I've written a small sample program that I'm going to “debug”. The code simply creates three arrays: ...
  • .NET Security Blog

    Writing Managed Code With VC++ 2005

    • 0 Comments
    There's been a few articles around lately on the new syntax for Managed C++ that's in VC++ 2005. MSDN had an article in the May magazine by Stephen Toub, Write Faster Code with the Modern Language Features of Visual C++ 2005 , which focuses on many new...
  • .NET Security Blog

    xml:id and SignedXml

    • 4 Comments
    A few weeks back, I posted about customizing how SignedXml searches for XML elements identified by a reference to an ID. By default, SignedXml searches for elements with an attribute named Id that has the given value. Recently, the W3C has come up...
  • .NET Security Blog

    XmlIdSignedXml.cs

    • 2 Comments
    using System; using System . Security . Cryptography . Xml; using System . Xml; /// <summary> /// Provides xml:id support for XML digital signatures /// </summary> /// <remarks> /// This class allows the .NET XML Digital Signature system...
  • .NET Security Blog

    Why Doesn't .NET Support Deterministic Finalization?

    • 1 Comments
    This email from Brian Harry has been making the rounds again lately. It's a pretty in depth talk about the reasons why .NET doesn't support deterministic finalization, including the history behind it. I found it a pretty interesting read. The mail's a...
  • .NET Security Blog

    ClickOnce Overview in May's MSDN Magazine

    • 0 Comments
    ClickOnce made the cover of the May 2004 issue of MSDN Magazine . (OK, yes, it was just a little blurb at the bottom of the cover, but that still counts!). Bryan Noyes gives a nice general overview of what you can do with ClickOnce in the article ...
  • .NET Security Blog

    Customizable CAS Defaults

    • 3 Comments
    One of the nicer new Whidbey features, at least from an admin standpoint, is the ability to customize the default CAS settings. On v1.0 and 1.1 of the framework running caspol -all -reset resulted in the security policy being reset to hardcoded defaults...
  • .NET Security Blog

    P/Invoke Wiki

    • 2 Comments
    Adam Nathan , who you may recognize as being the author of .NET and COM: The Complete Interoperability Guide , has started up a Wiki on P/Invoke . You'll find lots of P/Invoke definitions, along with recommend managed alternatives and gotchyas there....
  • .NET Security Blog

    New VC++ Toolkit 2003

    • 0 Comments
    The Visual C++ team has released the Visual C++ Toolkit 2003 , which includes the full optimizing C++ compiler found in VC++ 2003 professional. It also includes the STL, standard C library, and some samples. Definately worth checking out if you're in...
  • .NET Security Blog

    Signing Assemblies With C# in Whidbey

    • 16 Comments
    You may be in for a surprise when you try to rebuild your strongly named assemblies written in C# under Whidbey for the first time. If you're using the AssemblyKeyFile attribute, you'll get a warning similar to this: signed.cs(4,11): warning CS1699...
  • .NET Security Blog

    Generating a Key from a Password

    • 31 Comments
    If you're trying to encrypt data using a password, how do you convert the password into a key for symmetric encryption? The easiest way might be to simply convert the password to a byte array, and use this array as your key. However, this is a very bad...
  • .NET Security Blog

    Ivan Writes about Strong Name Signing with Smart Cards

    • 0 Comments
    Ivan's written a new article , showing how to use keys stored on a smart card to strong name sign an assembly. Worth a read if you've ever wondered how this might be done, or wanted a more secure method than using .snk files.
  • .NET Security Blog

    Whidbey's Secure CRT

    • 8 Comments
    One of the features that the Whidbey release of Visual C++ is going to bring is the new Secure CRT. The C++ library team has put a lot of work into creating safe alternatives to the old C runtime library functions that seem to always be behind security...
  • .NET Security Blog

    Using XPath to Sign Specific XML

    • 13 Comments
    In my last posting , I promised to write about a more general purpose way of selecting specific XML to sign. Although the technique I presented in the last post will work, it requires a custom class derived from SignedXml, and will not work unless both...
  • .NET Security Blog

    Searching for Custom ID Tags With Signed XML

    • 16 Comments
    Last week, I blogged about using references to sign only specific parts of an XML document. The biggest limitation with doing this is that you must refer to the nodes that are being signed by ID, which for v1.1 and 1.0 of the framework was given by an...
  • .NET Security Blog

    Signing Specific XML With References

    • 6 Comments
    I've previously blogged about creating XML digital signatures using the .NET framework, but today I'd like to write about a more advanced technique using these signatures. My previous post signed an entire XML document, however, this is not always necessary...
  • .NET Security Blog

    What's New in XML For Whidbey

    • 1 Comments
    The new XML Developer Center on MSDN has a nice article about the new XML features in Whidbey . The top 10 list is: Performance XPathEditableNavigator, an Updatable Cursor The XPathDocument as a Better DOM Easier XPath Queries with Namespaces...
Page 13 of 15 (368 items) «1112131415