لطفا منتظر باشید ...
Index
W
Web applicationshiding unused code, 244–245
limiting access to code, 246
locking down file system access in IIS, 297–298
parameterizing input, 236–237
reducing attack scope, 247–248
reducing exposure to attacks, 244–247
Web serversways to gain unauthorized access, 191
ways to protect secrets, 192–195
Web sitesas code group membership condition, 371
preventing information leakage, 314–315
as type of evidence, 368
web.config filecleartext passwords in, 58
and configuration hierarchy, 98–99
machineKey setting, 150
URL authorization, 93–95
.webinfo files, 63
WebPermission class, 375
wildcards, avoiding, 292
Windows Authentication, 276
Windows authenticationbasic, 66–67, 70, 71
blocking administrator logins, 73–75
blocking basic authentication without SSL, 70–72
and client certificate mapping, 69–70
digest, 67–68
integrated, 68–69, 70
overview, 65–66
principal and identity objects, 89
which method to use, 70–75
Windows principals, 363
WindowsPrincipal object, 388–389
WMI classes, and least privilege principle, 247–248
writing to data files, 296–302
