Enterprise Library Test Guide - Willy .Net
07.11.2014 Views
Share Embed Flag

Enterprise Library Test Guide - Willy .Net

Enterprise Library Test Guide - Willy .Net

Enterprise Library Test Guide - Willy .Net

SHOW MORE
SHOW LESS
ePAPER READ
DOWNLOAD ePAPER
willydev.net

You also want an ePaper? Increase the reach of your titles

YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.

START NOW

156<br />

<strong>Enterprise</strong> <strong>Library</strong> <strong>Test</strong> <strong>Guide</strong><br />

Design and Deployment Checklist<br />

Table 44 lists the design and deployment recommendations.<br />

Table 44: Design and Deployment Checklist<br />

Check<br />

Yes<br />

Yes<br />

Yes<br />

Yes<br />

Yes<br />

No<br />

Yes<br />

Yes<br />

Yes<br />

Yes<br />

Yes<br />

Yes<br />

Yes<br />

Description<br />

The design should address the scalability and performance criteria. Performance tests<br />

and stress tests demonstrate that the application block meets these criteria. The application<br />

block’s availability and ability to handle concurrent users should also be tested.<br />

Identify precautions that must be taken to satisfy the security requirements of the<br />

infrastructure and network (examples include operating system services, communication<br />

protocols, and firewalls). For example, the Logging Application Block should use a<br />

secure channel such as SSL or IPSEC, if it is logging sensitive data to a remote SQL<br />

Server or a remote message queue. The Caching Application Block does not encrypt<br />

data, so sensitive data logged to SQL store should be used over secured channel.<br />

Application blocks do not save sensitive data in the registry or in text files during installation.<br />

The application block respects the principle of least privilege. An application block does<br />

not need permissions from an administrator to run on ASP.NET, which requires only a<br />

network service account, or in Windows-based applications, which accepts any standard<br />

security context with the appropriate permissions to write to resources such as the<br />

event log and to use message queuing. The exact permissions depend on the application<br />

block.<br />

Secure configuration stores with the appropriate ACLs.<br />

Do not store sensitive information in plain text configuration files. An example of such<br />

information is a connection string that is used by the Data Access Application Block.<br />

Users should encrypt the configuration file. For more information, see Configuring the<br />

Application Blocks in the <strong>Enterprise</strong> <strong>Library</strong> documentation.<br />

The design identifies application trust boundaries.<br />

The design identifies the identities that are used to access resources across the trust<br />

boundaries.<br />

The design identifies service account requirements.<br />

The design identifies the mechanisms, such as SSL, IPSec, and encryption, to protect<br />

credentials when they are sent over a network.<br />

If SQL authentication is used, credentials are adequately secured over the network (with<br />

SSL or IPSec) and in storage (with DPAPI).<br />

The application blocks do not change the ACLs of the registry or of any files during<br />

installation or run time.<br />

The application blocks do not listen to unknown ports except for their internal use. An<br />

example of where this is acceptable is when the Logging Application Block uses the<br />

MSMQ Trace Listener.

logo

products

Resources

Company

Terms of service
Privacy policy
Cookie policy
Cookie settings
Imprint
Change language
Made with love in Switzerland
© 2024 Yumpu.com all rights reserved

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!