Improving Web Application Security: Threats and Countermeasures

In This Chapter

• Preventing anonymous access to serviced components

• Protecting sensitive data

• Authorizing callers by using Enterprise Services (COM+) roles

• Using least privileged run-as accounts

• Securing secrets in object constructor strings

• Auditing from middle tier serviced components

• Deployment considerations for serviced components