Programming Windows Security: The Developers Guide (DevelopMentor) Paperback – 5 Jul 2000


Product details

  • Paperback: 608 pages
  • Publisher: Addison Wesley; 1 edition (5 July 2000)
  • Language: English
  • ISBN-10: 0201604426
  • ISBN-13: 978-0201604429
  • Product Dimensions: 18.3 x 3 x 22.9 cm
  • Average Customer Review: 4.5 out of 5 stars (4 customer reviews)
  • Amazon Bestsellers Rank: 956,739 in Books


Product Description

From the Back Cover

"Keith Brown lucidly explains the Win32 security architecture and how it pervades Windows NT and Windows 2000. He demystifies authentication, authorization, auditing, COM+ security, logon sessions, and much more."
--George V. Reilly, IIS Performance Lead, Microsoft

Windows security has often been considered a dry and unapproachable topic. For years, the main examples of programming security were simply exercises in ACL manipulation. Programming Windows Security is a revelation providing developers with insight into the way Windows security really works. This book shows developers the essentials of security in Windows 2000, including coverage of Kerberos, SSL, job objects, the new ACL model, COM+ and IIS 5.0. Also included are highlights of the differences between security in Windows 2000 and in Windows NT 4.0.

Programming Windows Security is written by an experienced developer specifically for use by other developers. It focuses on the issues of most concern to developers today: the design and implementation of secure distributed systems using the networking infrastructure provided by Windows, the file server, the web server, RPC servers, and COM(+) servers.

Topics covered include:

  • COM(+) security, from the ground up
  • IIS security
  • How the file system redirector works and why developers should care
  • The RPC security model
  • Kerberos, NTLM, and SSL authentication protocols and SSPI
  • Services and the Trusted Computing Base (TCB)
  • Logon sessions and tokens
  • Window stations, desktops, and user profiles
  • The Windows 2000 ACL model, including the new model of inheritance
  • Using private security descriptors to secure objects
  • Accounts, groups, aliases, privileges, and passwords
  • Comparison of three strategies for performing access control--impersonation, role-centric, and object-centric--and their impact on the design of a distributed application

Programming Windows Security provides the most comprehensive coverage of COM(+) security available in one place, culled from the author's extensive experience in diagnosing COM security problems in the lab and via correspondence on the DCOM mailing list.


About the Author

Keith Brown focuses on application security at Pluralsight, which he cofounded with several other .NET experts to foster a community, develop content, and provide premier training. Keith regularly speaks at conferences, including TechEd and WinDev, and serves as a contributing editor and columnist to MSDN Magazine.

Customer Reviews


Most Helpful Customer Reviews

1 of 1 people found the following review helpful By on 17 Nov. 2000
Format: Paperback
Keith Brown shows what an interesting and exciting subject security is; after reading this book you'll want to read more about it. Just read several pages describing RPC security, and you'll see that COM and COM+ security is not scary anymore! Don't miss this book.
1 of 1 people found the following review helpful By A Customer on 8 Nov. 2000
Format: Paperback
Having seen Keith answer obscure security questions on the DCOM mailing lists for many years, I know that he knows his stuff. Having read the book I can confirm that he can also write lucidly about it.
I have no hesitation in recommending this book.
Format: Paperback
This is a superbly well written explanation of what is probably the least well understood corner of the Windows platform. From a straightforward introduction of the abstract concepts used to construct the security architecture, Keith Brown progresses to an explanation of the detailed mechanics, and finally to their implications in distributed COM+ and Web applications. Throughout, the style is intelligent without being dry or impersonal. Fantastic value!
By Dark Mark on 17 Nov. 2014
Format: Paperback
It was ok at the time, will be well dated now

Most Helpful Customer Reviews on (beta) 24 reviews
4 of 4 people found the following review helpful
Every Windows programmer should read this book 1 Jun. 2001
By John Bigley - Published on
Format: Paperback
This is the most comprehensive Windows security book for programmers there is. There are many books out there on how to administer Windows security, but very few on how to program it. About two years ago I started on a project that implemented fine-grained private object security and read everything I could find on the topic; there wasn't much. During that project I was able to read some very useful articles from Keith in MSJ/MSDN magazine. This book includes topics covered in his magazine articles, but adds more detail. It also covers more topics and pulls it all together in one comprehensive book. Even though I thought that I had been exposed to most of what this book covers I went ahead and read it. I still learned a lot, especially about logon sessions and Windows stations and how they affect the security of your application. I think that every Windows developer should read this book because what this book covers affects you even if you are not interested in security. Web programmers should make sure to check out the section on IIS. This book would have saved me so much time if I would have had it two years ago. I read some of the other reviews and found the ones about the font size kind of ridiculous. Everyone has his or her personal preferences on font and style, but I am reviewing this book based on content. I give this book five stars.
3 of 3 people found the following review helpful
Another big win from DevelopMentor... 5 Oct. 2001
By Todd A. Keller - Published on
Format: Paperback
I've been a professional software engineer on Win16/Win32 platforms for over 11 years, doing COM development for most of that time. I have never encountered a source of technical information that comes close to the lucidity or completeness of the Developmentor Series.
Keith Brown's contribution to this series on Windows security continues the tradition of solid, well researched and clearly written treatises on topics that affect, and should concern, every developer who is serious about producing high quality code on the Win32 platform.
Most developers trip over security because the fundamentals of identity, authentication, etc. are not well understood. This book provides a thorough introduction to the ideas that underlie secure systems as well as a complete explanation of how they are implemented by Win32. Very useful for those of us who don't bend spoons with our minds for a living (still laughing over that analogy--thanks Keith!)
If you use COM (and who writes for Win32 and doesn't these days?) then the wisdom in Chapter 9 alone is worth the price of the book.
3 of 3 people found the following review helpful
Definitely a Worthwhile Purchase 19 Mar. 2001
By Hugh K. Boyd - Published on
Format: Paperback
Anyone involved in Windows NT/2000 security development would benefit from adding this book to their library. Brown definitely does an excellent job of explaining one of the more difficult aspects of Windows NT/2000 development -- in fact, I'd say that his treatment of ACLs, security descriptors, desktops, window stations and access tokens is among the best that I have read. The only reason that I don't rate this book with 5 stars is that it does not include anything on the LSA APIs. These are some of the more intimidating APIs that a security developer will ever tangle with, but they are essential for such handy little tasks as joining workstations to domains, creating and/or modifying user or group machine rights, or coding replacement GINA dlls. You can find some pretty decent references to these APIs (as well as some decent code examples) on msdn dot microsoft dot com, but you have to hunt for them. Having the LSA included in a handy reference such as this book would definitely make it worthy of a five star rating!
4 of 5 people found the following review helpful
Unravels the tangled web 6 Feb. 2001
By John Wismar - Published on
Format: Paperback
I went out and bought this book at a time when I was having trouble with some DCOM security issues. I have always kind of avoided learning about Windows security, because, frankly, I didn't find it very interesting, and the parts of the documentation I had read were so confusing as to be useless.
I was therefore very pleasantly surprised and gratified to find that Brown's book was easy to read, clearly and interestingly written, and explained the details of Windows security in a very straightforward, methodical fashion.
Although it was probably not necessary to do so, I read the book from cover to cover. It is organized so as to provide lower level details and concepts in the early chapters, then to move on to higher-level and more complicated issues. For me, this meant that the problem I was working on was not addressed until the second-last chapter, but by the time I got there, I felt that I had a good grasp of the underlying functionality, and could better understand why certain seemingly bizarre APIs and configurations worked the way they do. (After finishing it, I was able to solve the problems I was having, too!)
One of the clever features that Brown has included is to provide a non-technical overview in the first three chapters, which is suitable for sharing with your non-technical manager so that you can have intelligent discussions, using a common vocabulary, of the issues you are dealing with. That's truly a rare treat!
Another good feature is that the index is quite well done. (There's nothing worse than a reference book in which you can't find the information you're looking for.)
The long and the short of it is that this book, while not for everyone, is an outstanding reference on Windows Security.
4 of 5 people found the following review helpful
Great coverage of NT, Windows 2000, LanMan security 30 July 2000
By Chris Dickey - Published on
Format: Paperback
This book is important for anybody wanting to correctly understand Windows NT/2000 security whether you program, build or admin Windows NT/2000 networks. Security setup must be done properly in a production system, especially one serving the Internet. Keith gives a great overview of the NT/2000 security infrastructure in a style that gives you the right perspective to see why and how it works the way it does. Is the Guest logon in the Authenticated Users group? What and Why are NULL sessions? The tricks of Net Use lmsessions. The background to understand ticket based security and cached credentials. It's all covered very well in this very readable book.