Why to Adopt .Net

Written by Pawan Bangar


Why adopt .Net

• Websites and web services: For businesses to truly harness the power of the internet, websites must evolve. They must learn to interact with one another as well as with existing systems and applications. XML web services represent the evolution of the websites.
• Integration: Taking the modular aspects of modern software applications and allowing them to communicate through standard internet protocols (XML & SOAP), XML Web services offer a direct means by which business processes can interact.
• Reaching out: Creating XML web services and exposing them on the internet also provides another key advantage: it greatly expands the number of customers and business partners that can come in contact with a business's services.
• Rapid Development: Microsoft's Visual Studio .Net and the .Net framework empower developers to quickly and easily create cutting-edge XML web services and applications, building on their existing skill sets. Through multi-language support, developers are free to use the appropriate language in building web services. In addition to their technical capabilities, these developer technologies help alleviate the greatest scarcity in the world: skilled programmers.

The Problems with Passwords

Written by ArticSoft - www.articsoft.com


Overview

Most current password systems for the Internet are flawed. Designs that were almost acceptable 10 and 15 years ago have not been updated. Instead of moving to integrating authentication services under a cryptographically sound approach, the IT industry has continued to proliferate multiple incompatible systems. Users are increasingly exposed by suppliers who feel no pressure to do anything better. There are parallels with the situation where web site page design methods are increasingly being rejected by security software because they represent known security weaknesses that have been exploited by hackers and viruses.

Introduction

The approach of using a log on identifier and password goes back to the early days of implementing security on mainframe systems. This kind of security was introduced as soon as it was possible for people outside the computer room to use computer resources. Up until then access was controlled by physical security.

As we rolled terminals out into user areas, so the ID/password concept was rolled out also. Initially these were held in a file that was not protected, but after some splendid security breaches on Unix systems in particular these files were encrypted to make an attacker work harder to get anywhere.

Passwords were short (6 characters). They were short because the ID would be disabled if the password was entered three times incorrectly. They were also short so you didn’t have much to type and would likely get it right. They were short because it gave you less to remember.

Initial design considerations

Experience with short passwords soon threw up a series of flaws for user implementation. In no particular order these included:

• using a ‘standard’ word such as boss, master, doall, passwd;
• using a dictionary word or the name of the business;
• using repeating letters or numerals (AAAAAA, 111111 and so on).

Six characters were also found to be just about short enough for someone to watch and remember whilst the user typed them in.

To counter the users' attempts to make their lives easier, systems were invented that changed passwords on a regular basis (say monthly, and even daily for critical passwords), compelled the new password to be different, and checked it against a list of previously used passwords. More sophisticated systems enforced rules requiring passwords to be structured using letters and digits in non-repeating patterns.

These approaches more or less forced users to break other security rules and write down their passwords – particularly if they had several to ‘remember’. (I recall a ‘classic’ case where a user was being expected to remember more than 20 passwords, some of which were the only way to access encrypted documents. Naturally they did not listen to the ideas of regular change and remembering everything.)

The security people continued to ignore the problems faced by human users. ID/password systems were not integrated following the argument that a compromise of one system must not compromise all systems. (This was then ignored in the attempts to find a system that would securely connect a user to all their applications with just one password.) Applications designers have continued to implement their own ideas about user identification - or none at all by making the assumption that magic would somehow occur outside their control.

There continues therefore to be a central dichotomy between those who want short passwords that are forever changing and those who want one password that a user can remember, but it cannot be short and it must be memorable.

Technical design problems

Early password systems restricted user choice to upper case and numerals, thus giving the attacker a much reduced space of attack (the permutations and combinations of valid input data). Later systems used upper and lower case and this improved things a bit in terms of the number of attempts the attacker had to make before he could find it by ‘brute force’ (still not all eight bits of each byte since not everything is on the keyboard).

Later systems converted the password into a ‘hash’ or one way encrypted field so that it could not be readily reverse engineered by an attacker. Unfortunately the hashing systems were not necessarily very effective, and even when they were, the amount of space they give you is not that large and the attacker can choose any password that gives them a valid hash, not just the one the user selected. Please note that when passwords are used on their own (that is without a separate Identity field), the attack space is reduced by the number of passwords that have actually been issued, since for the attacker any valid password is good enough.

Even later some subtle systems combined the user id and the password into a hash. This created the potential for more space, although the length of both parts and the way that they were combined was critical to the quality of the result.
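The last two points, as an added example that is not part of the original article: a password-only check accepts any issued password, and joining ID and password without a boundary lets different pairs produce the same stored value. The account names, passwords, function names and the choice of SHA-256 and PBKDF2 are assumptions made for illustration; the article names no specific hash.

```python
import hashlib
import hmac

ITERATIONS = 100_000  # assumed work factor for this example

# Constructed sample accounts: two users happen to pick the same password.
ACCOUNTS = {"alice": "summer", "bob": "summer", "carol": "k9!tRz"}


def hash_password_only(password):
    """Early design: the stored value depends on the password alone."""
    return hashlib.sha256(password.encode()).digest()


def hash_naive_concat(user_id, password):
    """ID and password joined with no boundary marker, then hashed."""
    return hashlib.sha256((user_id + password).encode()).digest()


def hash_bound(user_id, password):
    """ID as salt, password as secret: separate KDF inputs, so the
    boundary between them cannot shift. PBKDF2 is also slow by design."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode(), user_id.encode(), ITERATIONS
    )


def accepts_password_only(guess, accounts=ACCOUNTS):
    """No identity field: a guess passes if it matches ANY issued password."""
    issued = {hash_password_only(p) for p in accounts.values()}
    return hash_password_only(guess) in issued


def accepts_with_id(user_id, guess, accounts=ACCOUNTS):
    """Identity field present: the guess must match that one account."""
    if user_id not in accounts:
        return False
    stored = hash_bound(user_id, accounts[user_id])
    return hmac.compare_digest(stored, hash_bound(user_id, guess))


if __name__ == "__main__":
    print("same stored value for alice and bob (password only):",
          hash_password_only(ACCOUNTS["alice"]) == hash_password_only(ACCOUNTS["bob"]))
    print("naive concat collides:",
          hash_naive_concat("ab", "cdef") == hash_naive_concat("abc", "def"))
    print("bound hashes differ:",
          hash_bound("alice", "summer") != hash_bound("bob", "summer"))
```

A user ID is a predictable salt; a random per-account salt stored beside the hash is the usual choice today.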

ImproveHomeLife.com © 2005