In these paranoid times of globally interconnected computer networks, the issue of security preoccupies individual users as well as large organizations. Computer security encompasses a diverse body of knowledge. Cryptography, virus detection, authentication, auditing, certificates, permissions, access control, digital signatures, and firewalls are but a few of the topics that fall under the rubric of security. Although the security of computer networks is an important subject, we believe that for most projects, security is more of an administration and deployment issue than a development issue. Security sometimes receives too much attention too early in a project—attention that might be better devoted to other areas of the system. Like a broken clock that tells the correct time twice a day, the most secure systems are those that don't work.
It is certainly important for component developers to understand the COM+ security model, since this is one area of COM+ that can bite you where you least expect it. A few words of caution before we begin: Before you read this chapter, be sure that you are intimately familiar with COM+. And after you read this chapter, be sure to learn about the role-based security services that are available to configured components. Role-based security simplifies security and administration issues for middle-tier components; it is covered in volume 2 of Inside COM+. In this chapter, we'll examine the declarative and programmatic security options that COM+ offers to system administrators and component developers. You'll learn how to protect a component from launch and access by unauthorized clients and how to protect the confidentiality of data transmitted across a network.