Enterprise Library Test Guide - Willy .Net

Testing for Security Best Practices

| No. | External Dependencies | Descriptions | Data Direction | Trusted? |
|-----|-----------------------|--------------|----------------|----------|
| 8 | WMI | The Logging Application Block uses WMI to raise events. | Push | Yes |
| 9 | Performance counters | The Logging Application Block uses performance counters to track its performance. | Push | Yes |

Identify the Implementation Assumptions

Implementation assumptions are premises about how the application block works. Implementers describe these assumptions when they write the specification for the application block and before they begin writing the code. Typically, these assumptions are reviewed again once the implementation is complete. Table 5 lists the implementation assumptions about the Logging Application Block. The term “application” refers to the application that uses the Logging Application Block.

Table 5: Logging Application Block Implementation Assumptions

| No. | Category | Assumptions |
|-----|----------|-------------|
| 1 | ACLs for event log | The event log’s ACLs protect the log against unauthorized users and processes. |
| 2 | Database access privileges | The application has the appropriate privileges to access the database. |
| 3 | Message queuing access privileges | The application has the appropriate privileges to access the message queues. |
| 4 | File system privileges | The application has the appropriate privileges to access the file system. |
| 5 | SMTP server privileges | The application has the appropriate privileges to use the SMTP server to send e-mail messages. |
| 6 | WMI privileges | The application has the appropriate privileges to raise WMI events. |
| 7 | The application that uses the Data Access Application Block to log messages to a database | The application can identify and authorize the Data Access Application Block. In this case, “identify” means that the application can trust the Data Access Application Block assemblies. Authorization means that the application has the correct SQL Server permissions to allow the appropriate groups of users to read and write to the database. |
| 8 | Other subsystems and application blocks | The Logging Application Block is dependent on the Enterprise Library Core for configuration information and the Data Access Application Block to use the Database Trace Listener. The Logging Application Block must ensure that it uses the correct Enterprise Library Core assemblies for configuration and the correct Data Access Application Block assemblies to log messages to a database. |
| 9 | Performance counters | The Logging Application Block requires the necessary read and write access permissions to use the performance counters. |