UDL files, 278
UIPermission class, 375
unauthorized access
    deciding how to authorize users, 87–91
    defined, 54
    employing file authorization, 91–93
UnIdentityPermission class, 375
Unix utilities, downloading, 214
unstructured error handling, 318–320
untainted variables, 212
UPN certificate mapping, 69–70
URL authorization
    blocking HTTP verbs, 95–97
    files and paths, 97–98
    overview, 93
    users and roles, 93–95
UrlPathEncode method, 232, 233
UrlReferrer property, 208
URLs
    as code group membership condition, 371
    as type of evidence, 368
URLScan, 259
UrlSegmentMaxCount value, 249
UrlSegmentMaxLength value, 249
user-defined database roles, 279
user input
    constraining, 218–243
    techniques for validating, 218–243
user store, 195
user weakness, on cryptographic systems, 155
UserAgent property, 208
UserHostName property, 208
usernames
    easily guessed, avoiding, 11–12
    limiting exposure, 15–16
    reason for requiring, 3
    vulnerability, 51
    in web.config file, 58–61
users. See also accounts, user
    authenticating, 55–86
    authorizing, 86–102
    educating, 42–44
    empowering, 42–45
    establishing credentials, 3–18
    limiting idle accounts, 16–18
    security threat summary, 2–3