Index - Hacking the Code ASP.NET Web Application Security [Electronic resources] (text version)


James C. Foster, Mark M. Burnett

Index

P


Page class, 208

parameter manipulation, as threat, 131

parameterizing

code auditing standards, 255–256

coding standards, 252

defined, 219

overview, 236–237

parameters, hiding unused code, 244–245

PassHash utility

C#, 59–60

VB.NET, 59, 60–61

Passport

authentication, 75–78

as authentication tool, 78

overview, 75

principal and identity objects, 89

security concerns, 75–77

PasswordDeriveBytes class, 171


passwords

best practices, 51–52

changing regularly, 25–27

complexity requirements, 4

deriving keys from, 171, 172–173

easily guessed, avoiding, 5, 6, 10–12

forgotten, resetting, 28–42

hashing, 234

history issues, 22, 23–25

lost, resetting, 28–42

managing, 19–27

maximum length, 51

minimum length, 4–5

optimum age, 22–25

procedures for resetting, 28–34, 52

producing keys from, 204

randomly generated, 51

requiring changes, 22–25

reusing, 22–25

role of e-mail, 28, 29, 34–36, 52

role of secret questions, 38–42

role of usernames, 3

storing as hashes, 183–186

storing in databases, 19–22

strong, enforcing, 4–10

temporary, 36–38, 52

tips for choosing, 4, 5

tools for cracking, 10

validating using C# code, 6–8

validating using VB.NET code, 8–10

in web.config file, 58–61

Path property, 208

Path property, cookies, 127–128

PathInfo property, 208

pattern matching

C# code, 222, 224

defined, 218

overview, 222

regular expressions, 224, 225

VB.NET code, 223, 224

PE Verify utility, 416

PercentUAllowed value, 250

PerformanceCounterPermission class, 375

Perl programming language, 211–212

permission sets

attaching to code groups, 405–411

creating, 399–404

permissions, in .NET Framework

custom, 385–386

demanding, 376–379

overview, 362–363

requesting, 373–376

Permissions View utility, 416

PermitOnly overrides, 385

permview.exe tool, 416

peverify.exe tool, 416

PGP, and e-mail, 35, 36

phishing, 43, 54, 112

physical attacks, on cryptographic systems, 155

PINs vs. passwords, 11

plaintext, defined, 154

PrincipalPermission object, 392, 393–395

PrincipalPermissionAttribute object, 393

principals

manipulating identity, 390–392

overview, 87, 88, 89, 387

in role-based security, 387–396

types, 363–364

principle of least privilege, 247–248

PrintingPermission class, 375

privacy

role of secret questions, 38–42

sending information via e-mail, 34–36

private keys, in asymmetric cryptography, 177–178

privilege escalation

deciding how to authorize users, 87–91

defined, 54, 262

employing file authorization, 91–93

properties, exception handling, 240–241

pseudorandom-number generators (PRNGs), 155, 187

public keys, in asymmetric cryptography, 177–178

PublisherIdentityPermission class, 375

publishers, as code group membership condition, 371

publishers, as type of evidence, 368
