Book Review: Implement Security and Cryptography
by David Mack

Posted November 21, 2003

Any application being developed in a network-based world should take security into consideration. .NET Security and Cryptography by Peter Thorsteinson and G. Gnana Arun Ganesh does an excellent job of laying down the foundation for .NET security features and showing you how to use them properly. The authors discuss numerous topics, including hashing, encryption, decryption, the .NET security model, and ASP.NET.

I knew I was going to like what this book had to say after reading only the first three pages. The analogies and examples given within the first few pages give you a feel for the authors' conversational style. They give you the theory behind each topic and then proceed to delve into the low-level details.

The first part of the book is devoted to cryptography. I didn't realize how many algorithms are included in the .NET platform. This book covers the obvious algorithms, such as RSA and Triple DES, but it also covers more modern topics such as XML encryption and signatures. XML is ubiquitous now, so it makes sense to know how to protect all or portions of your data as it is being shared.

The second half of the book focuses on security and how to implement it programmatically. The section on the .NET security model was extremely helpful. The book explains the various security approaches .NET supports and gives you the information you need to decide which ones you want to leverage. The authors discuss credentials, groups, and permission sets in great detail. However, I'd like to see more information about ASP.NET and Passport.

Overall, this book is well worth the money. It reads nicely, and the topics are covered in a logical fashion. This book is not for the novice programmer; it's intended to be a tutorial for someone with decent experience writing code. This book could pay for itself in the time you save using the examples provided.

.NET Security and Cryptography
by Peter Thorsteinson and G. Gnana Arun Ganesh
Prentice Hall
ISBN: 013100851X
Price: $49.99
Quick Facts: Covers .NET implementation of various cryptography and security topics such as hashing, encryption, and authentication.
Pros: Describes complex topics in a clear and concise manner; good coding examples.
Cons: Some topics such as ASP.NET and Passport could have been discussed more.










About the Author
David Mack is a technical lead in the National Intelligence Division at Titan Systems. He has more than 10 years of management and software engineering experience. David also does software consulting. You can reach him at .