Chapter 14: Implementing ASP Security

Many commercial organizations may regard the risks of doing business in cyberspace as unacceptable—but the rapid expansion of this powerful delivery channel means they make such decisions at their peril. The use of the Internet is no longer optional—any hesitation means that their rivals will gain a considerable head start in using this potent technology.

There is also a lot of unfortunate and ignorant hype over Internet security. Scare stories are often generated by the same people who are quite happy to hand over a credit card to complete strangers in a shop and allow them to swipe, and potentially copy, their credit card details. Like any commercial activity, the risks of using the Internet should be put in perspective. There now exists a comprehensive set of technologies enabling companies to build secure business applications for deployment over the Internet. To perform accurate risk analysis, it is important to understand what level of protection each of these technologies provides.

In this chapter we shall address in depth the fundamental security technologies that are relevant to the Internet Information Server with Active Server Pages, and show how the Windows NT Web technologies provide the foundations of a bulletproof Internet solution. We will be covering security issues in four different but related areas:

  • Understanding and assessing the risks we face on the Internet

  • The security features available from the NT operating system and IIS

  • How we can use Secure Channel Services for our transactions

  • The effect Active Server Pages has on the security of our site

But first, a little history…

