Index
I
identity objects, 87, 88, 89, 387
identity theft, educating users, 42–44
idle accounts, 16–18
imperative security, 100–101, 372–373
information leakage
and asymmetric cryptography, 177–178
building login forms, 55–57
connecting to data sources, 274–279
creating random numbers, 187–188
defined, 54, 207, 262, 310
designing secure tokens, 113–117
encrypting XML data, 333–348
ensuring least privilege for databases, 270–272
and hashing algorithms, 179–186
keeping memory clean, 188–190
preventing leaks, 314–315
preventing SQL injection, 280–291
protecting communications with SSL, 196–198
protecting cookies, 124–131
protecting secrets, 190–195
reporting and logging errors, 322–326
and structured error handling, 318–322
and symmetric cryptography, 156–177
token threats, 112
using forms authentication, 58–65
and View State feature, 131–135
Windows authentication, 65–75
writing secure SQL code, 291–296
initialization vectors (IVs), 170, 173–176
input filtering, 206–207
input sources, identifying manipulations, 207–211, 251, 254
integrated Windows authentication, 68–69
Internet Information Services (IIS)
configuring to minimize file system attacks, 259
double decoding vulnerability, 237–239
hardening server applications, 248–250
locking down application file system access, 297–298
and ODBC, 268
registry settings to limit allowed characters, 249–250
registry settings to limit request length, 249
intranet code modules, limiting access to, 246
intrusion detection, role of honey pots, 241–243
involving users, 44–45, 52
IPSec, and rule of least privilege, 272
ISAM (indexed sequential access method)
and Jet drivers, 268–269
isolated storage, 192–194
Isolated Storage utility, 417
IsolatedStorageFilePermission class, 374
IsPersistent property, Ticket class, 129
IsSemiWeakKey method, 161, 162
IsWeakKey method, 161–162