Why to Adopt .Net

Written by Pawan Bangar

Why adopt .Net

•Websites and web services: For businesses to truly harnessrepparttar power ofrepparttar 107786 internet, websites must evolve. They must learn to interact with one another as well as with existing systems and applications. XML web services representrepparttar 107787 evolution ofrepparttar 107788 websites. •Integration: Takingrepparttar 107789 modular aspects of modern software applications and allowing them to communicate through standard internet protocols (XML & SOAP), XML Web services offer a direct means by which business processes and interact. •Reaching out: Creating XML web services and exposing them onrepparttar 107790 internet also provides another key advantage, it greatly expandsrepparttar 107791 number of customers and business partners that can come in contact with a business's services. •Rapid Development: Microsoft's Visual Studio .Net andrepparttar 107792 .Net framework empowers developers to quickly and easily create cutting-edge XML web services and applications building on their existing skills sets. Through multi-language support, developers are free to userepparttar 107793 appropriate language in building web services. In addition to their technical capabilities, these developer technologies help alleviaterepparttar 107794 greatest scarcity inrepparttar 107795 world: skilled programmers.

The Problems with Passwords

Written by ArticSoft - www.articsoft.com


Most current password systems forrepparttar Internet are flawed. Designs that were almost acceptable 10 and 15 years ago have not been updated. Instead of moving to integrating authentication services under a cryptographically sound approachrepparttar 107785 IT industry has continued to proliferate multiple incompatible systems. Users are increasingly exposed by suppliers who feel no pressure to do anything better. There are parallels withrepparttar 107786 situation where web site page design methods are increasingly being rejected by security software because they represent known security weaknesses that have been exploited by hackers and viruses.


The approach to using a log on identifier and password goes back torepparttar 107787 early days implementing security on mainframe systems. This kind of security was introduced as soon as it was possible for people outsiderepparttar 107788 computer room to be able to use computer resources. Up until then access was controlled by physical security.

As we rolled terminals out into user areas, sorepparttar 107789 ID/password concept was rolled out also. Initially these were held in a file that was not protected, but after some splendid security breaches on Unix systems in particular these files were encrypted to make an attacker work harder to get anywhere.

Passwords were short (6 characters). They were short becauserepparttar 107790 ID would be disabled ifrepparttar 107791 password was entered three times incorrectly. They were also short so you didn’t have much to type and would likely get it right. They were short because it gave you less to remember.

Initial design considerations

Experience with short passwords soon threw up a series of flaws for user implementation. In no particular order these included:

using a ‘standard’ word such as boss, master, doall, passwd; using a dictionary word orrepparttar 107792 name ofrepparttar 107793 business; using repeating letters or numerals (AAAAAA, 111111 and so on).

Six characters were also found to be just about short enough for someone to watch and remember whilstrepparttar 107794 user typed them in.

To counterrepparttar 107795 users attempts to make their lives easier, systems were invented that changed passwords on a regular basis (say monthly, and even daily for critical passwords), compelledrepparttar 107796 new password to be different, and checked it against a list of previously used passwords. More sophisticated systems enforced rules requiring passwords to be structured using letters and digits in non-repeating patterns.

These approaches more or less forced users to break other security rules and write down their passwords – particularly if they had several to ‘remember’. (I recall a ‘classic’ case where a user was being expected to remember more than 20 passwords, some of which wererepparttar 107797 only way to access encrypted documents. Naturally they did not listen torepparttar 107798 ideas of regular change and remembering everything.)

The security people continued to ignorerepparttar 107799 problems faced by human users. ID/password systems were not integrated followingrepparttar 107800 argument that a compromise of one system must not compromise all systems. (This was then ignored inrepparttar 107801 attempts to find a system that would securely connect a user to all their applications with just one password.) Applications designers have continued to implement their own ideas about user identification - or none at all by makingrepparttar 107802 assumption that magic would somehow occur outside their control.

There continues therefore to be a central dichotomy between those who want short passwords that are forever changing and those who want one password that a user can remember, but it cannot be short and it must be memorable.

Technical design problems

Early password systems restricted user choice to upper case and numerals, thus givingrepparttar 107803 attacker a much reduced space of attack (the permutations and combinations of valid input data). Later systems used upper and lower case and this improved things a bit in terms ofrepparttar 107804 number of attemptsrepparttar 107805 attacker had to make before he could find it by ‘brute force’ (still not all eight bits of each byte since not everything is onrepparttar 107806 keyboard).

Later systems convertedrepparttar 107807 password into a ‘hash’ or one way encrypted field so that it could not be readily reverse engineered by an attacker. Unfortunatelyrepparttar 107808 hashing systems were not necessarily very effective, and even when they were,repparttar 107809 amount of space they give you is not that large andrepparttar 107810 attacker can choose any password that gives them a valid hash, not justrepparttar 107811 onerepparttar 107812 user selected. Please note that when passwords are used on their own (that is without a separate Identity field),repparttar 107813 attack space is reduced byrepparttar 107814 number of passwords that have actually been issued, since forrepparttar 107815 attacker any valid password is good enough.

Even later some subtle systems combinedrepparttar 107816 user id andrepparttar 107817 password into a hash. This createdrepparttar 107818 potential for more space, althoughrepparttar 107819 length of both parts andrepparttar 107820 way that they were combined was critical torepparttar 107821 quality ofrepparttar 107822 result.

Cont'd on page 2 ==>
ImproveHomeLife.com © 2005
Terms of Use