Index
M
machine store, 195
machine.config file, and configuration hierarchy, 98–99
MACs (message authentication codes)
for enhancing session token security, 136–139
for View State, 133–134
MACTripleDES function, 182
makecert.exe tool, 416
malicious input
bounds checking, 219–222
code audit summaries, 254–257
coding standards, 251–254
encapsulating, 234–236
exception handling, 240–241
handling, 207–250
hardening server applications, 248–250, 254, 257
identifying sources, 207–211, 251, 254
limiting exposure, 243–250
pattern matching, 222–226
programming defensively, 211–218, 251, 254
reducing attack scope, 247–248, 253, 257
reducing attack surface, 243–247, 253, 256–257
syntax checking, 239–240
man-in-the-middle attacks
and asymmetric cryptography, 177–178
creating random numbers, 187–188
defined, 54
encrypting XML data, 333–348
and hashing algorithms, 179–186
protecting communications with SSL, 196–198
protecting secrets, 190–195
signing XML data, 348–357
and symmetric cryptography, 156–177
token threats, 139
Windows authentication, 65–75
managed code vs. CryptoAPI, 203
many-to-one certificate mapping, 69–70
mapping
certificates to user accounts, 69–70
non-ASP.NET resources, 63–64
MaxFieldLength value, 249
MaxRequestBytes value, 249
MaxRequestEntityAllowed metabase setting, 249
MD5 hashing algorithm
defined, 180
verifying data integrity, 181
in web.config file, 58, 61
MD5CryptoServiceProvider class, 413
memory, keeping clean, 188–190
MessageQueuePermission class, 375
Microsoft Management Console (MMC), 396
mother’s maiden name, 40