> hi there
> I've been given a job to handle the security aspects of big banking
> application.

Step 1) Read "Secrets & Lies"

Step 2) Realize, after reading the book, that unless you're an expert in cryptography, you're probably not qualified to build a secure system.

Seriously. The book is a must-read. My main conclusion from reading it is that security can only be done properly by experts. I felt particularly justified when I was able to completely break the password scheme on a competitor of my client's product in about 20 minutes.

That said, you often find that people don't really care about making something actually be secure. They just want to set it up so users without a clue can't do what they're not supposed to most of the time.

> As I mentioned earlier, each teller comes with info about his default
> Office, the permissions describe the security on objects beside his
> office...
> I've searched MS docs for a proposed solution for data
> security besides
> Role based, but to no avail. It seems that every big application
> Needs that kind of security but no one has posted a solution,
>
> The problem is "merely" MATCHING the permission to the data
> has submitted.

Yes, this is a very common problem. No, there's nothing I know of in the framework that would take care of this. There may be third-party products that let you define your security on individual data objects.

You can read messages from the Advanced DOTNET archive, unsubscribe from Advanced DOTNET, or subscribe to other DevelopMentor lists at http://discuss.develop.com.
