Author(s): Adam Freeman, Allen Jones
ISBN(s): 9780596004422, 0596004427
Edition: 1
Year: 2003
Language: english
Programming .NET Security
By Adam Freeman, Allen Jones
Publisher: O'Reilly
Pub Date: June 2003
ISBN: 0-596-00442-7
Pages: 714
With the spread of web-enabled desktop clients and web-server based applications, developers can
no longer afford to treat security as an afterthought. It's one topic, in fact, that .NET forces you to
address, since Microsoft has placed security-related features at the core of the .NET Framework.
Yet, because a developer's carelessness or lack of experience can still allow a program to be used
in an unintended way, Programming .NET Security shows you how the various tools will help you
write secure applications.
Copyright
Dedication
Preface
How This Book Is Organized
Who Should Read This Book
Assumptions This Book Makes
Conventions Used in This Book
How to Contact Us
Part I: Fundamentals
Chapter 1. Security Fundamentals
Section 1.1. The Need for Security
Section 1.2. Roles in Security
Section 1.3. Understanding Software Security
Section 1.4. End-to-End Security
Chapter 2. Assemblies
Section 2.1. Assemblies Explained
Section 2.2. Creating Assemblies
Section 2.3. Shared Assemblies
Section 2.4. Strong Names
Section 2.5. Publisher Certificates
Section 2.6. Decompiling Explained
Chapter 3. Application Domains
Section 3.1. Application Domains Explained
Chapter 4. The Lifetime of a Secure Application
Section 4.1. Designing a Secure .NET Application
Section 4.2. Developing a Secure .NET Application
Section 4.3. Security Testing a .NET Application
Section 4.4. Deploying a .NET Application
Section 4.5. Executing a .NET Application
Section 4.6. Monitoring a .NET Application
Part II: .NET Security
Chapter 5. Introduction to Runtime Security
Section 5.1. Runtime Security Explained
Section 5.2. Introducing Role-Based Security
Section 5.3. Introducing Code-Access Security
Section 5.4. Introducing Isolated Storage
Chapter 6. Evidence and Code Identity
Section 6.1. Evidence Explained
Section 6.2. Programming Evidence
Section 6.3. Extending the .NET Framework
Chapter 7. Permissions
Section 7.1. Permissions Explained
Section 7.2. Programming Code-Access Security
Section 7.3. Extending the .NET Framework
Chapter 8. Security Policy
Section 8.1. Security Policy Explained
Section 8.2. Programming Security Policy
Section 8.3. Extending the .NET Framework
Chapter 9. Administering Code-Access Security
Section 9.1. Default Security Policy
Section 9.2. Inspecting Declarative Security Statements
Section 9.3. Using the .NET Framework Configuration Tool
Section 9.4. Using the Code-Access Security Policy Tool
Chapter 10. Role-Based Security
Section 10.1. Role-Based Security Explained
Section 10.2. Programming Role-Based Security
Chapter 11. Isolated Storage
Section 11.1. Isolated Storage Explained
Section 11.2. Programming Isolated Storage
Section 11.3. Administering Isolated Storage
Part III: .NET Cryptography
Chapter 12. Introduction to Cryptography
Section 12.1. Cryptography Explained
Section 12.2. Cryptography Is Key Management
Section 12.3. Cryptographic Attacks
Chapter 13. Hashing Algorithms
Section 13.1. Hashing Algorithms Explained
Section 13.2. Programming Hashing Algorithms
Section 13.3. Keyed Hashing Algorithms Explained
Section 13.4. Programming Keyed Hashing Algorithms
Section 13.5. Extending the .NET Framework
Chapter 14. Symmetric Encryption
Section 14.1. Encryption Revisited
Section 14.2. Symmetric Encryption Explained
Section 14.3. Programming Symmetrical Encryption
Section 14.4. Extending the .NET Framework
Chapter 15. Asymmetric Encryption
Section 15.1. Asymmetric Encryption Explained
Section 15.2. Programming Asymmetrical Encryption
Section 15.3. Extending the .NET Framework
Chapter 16. Digital Signatures
Section 16.1. Digital Signatures Explained
Section 16.2. Programming Digital Signatures
Section 16.3. Programming XML Signatures
Section 16.4. Extending the .NET Framework
Chapter 17. Cryptographic Keys
Section 17.1. Cryptographic Keys Explained
Section 17.2. Programming Cryptographic Keys
Section 17.3. Extending the .NET Framework
Part IV: .NET Application Frameworks
Chapter 18. ASP.NET Application Security
Section 18.1. ASP.NET Security Explained
Section 18.2. Configuring the ASP.NET Worker Process Identity
Section 18.3. Authentication
Section 18.4. Authorization
Section 18.5. Impersonation
Section 18.6. ASP.NET and Code-Access Security
Chapter 19. COM+ Security
Section 19.1. COM+ Security Explained
Section 19.2. Programming COM+ Security
Section 19.3. Administering COM+ Security
Chapter 20. The Event Log Service
Section 20.1. The Event Log Service Explained
Section 20.2. Programming the Event Log Service
Part V: API Quick Reference
Chapter 21. How to Use This Quick Reference
Section 21.1. Finding a Quick-Reference Entry
Section 21.2. Reading a Quick-Reference Entry
Chapter 22. Converting from C# to VB Syntax
Section 22.1. General Considerations
Section 22.2. Classes
Section 22.3. Structures
Section 22.4. Interfaces
Section 22.5. Class, Structure, and Interface Members
Section 22.6. Delegates
Section 22.7. Enumerations
Chapter 23. The System.Security Namespace
AllowPartiallyTrustedCallersAttribute
CodeAccessPermission
IEvidenceFactory
IPermission
ISecurityEncodable
ISecurityPolicyEncodable
IStackWalk
NamedPermissionSet
PermissionSet
PolicyLevelType
SecurityElement
SecurityException
SecurityManager
SecurityZone
SuppressUnmanagedCodeSecurityAttribute
UnverifiableCodeAttribute
VerificationException
XmlSyntaxException
Chapter 24. The System.Security.Cryptography Namespace
AsymmetricAlgorithm
AsymmetricKeyExchangeDeformatter
AsymmetricKeyExchangeFormatter
AsymmetricSignatureDeformatter
AsymmetricSignatureFormatter
CipherMode
CryptoAPITransform
CryptoConfig
CryptographicException
CryptographicUnexpectedOperationException
CryptoStream
CryptoStreamMode
CspParameters
CspProviderFlags
DeriveBytes
DES
DESCryptoServiceProvider
DSA
DSACryptoServiceProvider
DSAParameters
DSASignatureDeformatter
DSASignatureFormatter
FromBase64Transform
FromBase64TransformMode
HashAlgorithm
HMACSHA1
ICryptoTransform
KeyedHashAlgorithm
KeySizes
MACTripleDES
MaskGenerationMethod
MD5
MD5CryptoServiceProvider
PaddingMode
PasswordDeriveBytes
PKCS1MaskGenerationMethod
RandomNumberGenerator
RC2
RC2CryptoServiceProvider
Rijndael
RijndaelManaged
RNGCryptoServiceProvider
RSA
RSACryptoServiceProvider
RSAOAEPKeyExchangeDeformatter
RSAOAEPKeyExchangeFormatter
RSAParameters
RSAPKCS1KeyExchangeDeformatter
RSAPKCS1KeyExchangeFormatter
RSAPKCS1SignatureDeformatter
RSAPKCS1SignatureFormatter
SHA1
SHA1CryptoServiceProvider
SHA1Managed
SHA256
SHA256Managed
SHA384
SHA384Managed
SHA512
SHA512Managed
SignatureDescription
SymmetricAlgorithm
ToBase64Transform
TripleDES
TripleDESCryptoServiceProvider
Chapter 25. The System.Security.Cryptography.X509Certificates Namespace
X509Certificate
X509CertificateCollection
X509CertificateCollection.X509CertificateEnumerator
Chapter 26. The System.Security.Cryptography.Xml Namespace
DataObject
DSAKeyValue
KeyInfo
KeyInfoClause
KeyInfoName
KeyInfoNode
KeyInfoRetrievalMethod
KeyInfoX509Data
Reference
RSAKeyValue
Signature
SignedInfo
SignedXml
Transform
TransformChain
XmlDsigBase64Transform
XmlDsigC14NTransform
XmlDsigC14NWithCommentsTransform
XmlDsigEnvelopedSignatureTransform
XmlDsigXPathTransform
XmlDsigXsltTransform
Chapter 27. The System.Security.Permissions Namespace
CodeAccessSecurityAttribute
EnvironmentPermission
EnvironmentPermissionAccess
EnvironmentPermissionAttribute
FileDialogPermission
FileDialogPermissionAccess
FileDialogPermissionAttribute
FileIOPermission
FileIOPermissionAccess
FileIOPermissionAttribute
IsolatedStorageContainment
IsolatedStorageFilePermission
IsolatedStorageFilePermissionAttribute
IsolatedStoragePermission
IsolatedStoragePermissionAttribute
IUnrestrictedPermission
PermissionSetAttribute
PermissionState
PrincipalPermission
PrincipalPermissionAttribute
PublisherIdentityPermission
PublisherIdentityPermissionAttribute
ReflectionPermission
ReflectionPermissionAttribute
ReflectionPermissionFlag
RegistryPermission
RegistryPermissionAccess
RegistryPermissionAttribute
ResourcePermissionBase
ResourcePermissionBaseEntry
SecurityAction
SecurityAttribute
SecurityPermission
SecurityPermissionAttribute
SecurityPermissionFlag
SiteIdentityPermission
SiteIdentityPermissionAttribute
StrongNameIdentityPermission
StrongNameIdentityPermissionAttribute
StrongNamePublicKeyBlob
UIPermission
UIPermissionAttribute
UIPermissionClipboard
UIPermissionWindow
UrlIdentityPermission
UrlIdentityPermissionAttribute
ZoneIdentityPermission
ZoneIdentityPermissionAttribute
Chapter 28. The System.Security.Policy Namespace
AllMembershipCondition
ApplicationDirectory
ApplicationDirectoryMembershipCondition
CodeGroup
Evidence
FileCodeGroup
FirstMatchCodeGroup
Hash
HashMembershipCondition
IIdentityPermissionFactory
IMembershipCondition
NetCodeGroup
PermissionRequestEvidence
PolicyException
PolicyLevel
PolicyStatement
PolicyStatementAttribute
Publisher
PublisherMembershipCondition
Site
SiteMembershipCondition
StrongName
StrongNameMembershipCondition
UnionCodeGroup
Url
UrlMembershipCondition
Zone
ZoneMembershipCondition
Chapter 29. The System.Security.Principal Namespace
GenericIdentity
GenericPrincipal
IIdentity
IPrincipal
PrincipalPolicy
WindowsAccountType
WindowsBuiltInRole
WindowsIdentity
WindowsImpersonationContext
WindowsPrincipal
Colophon
Index
Copyright
Copyright © 2003 O'Reilly & Associates, Inc.
Printed in the United States of America.
Published by O'Reilly & Associates, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472.
O'Reilly & Associates books may be purchased for educational, business, or sales promotional use.
Online editions are also available for most titles (http://safari.oreilly.com). For more information,
contact our corporate/institutional sales department: (800) 998-9938 or corporate@oreilly.com.
Nutshell Handbook, the Nutshell Handbook logo, and the O'Reilly logo are registered trademarks of
O'Reilly & Associates, Inc. Many of the designations used by manufacturers and sellers to
distinguish their products are claimed as trademarks. Where those designations appear in this
book, and O'Reilly & Associates, Inc. was aware of a trademark claim, the designations have been
printed in caps or initial caps. Microsoft, the .NET logo, Visual Basic .NET, Visual Studio .NET,
ADO.NET, Windows, and Windows 2000 are registered trademarks of the Microsoft Corporation.
The association between the Smoothhound shark and the topic of .NET security is a trademark of
O'Reilly & Associates, Inc.
While every precaution has been taken in the preparation of this book, the publisher and authors
assume no responsibility for errors or omissions, or for damages resulting from the use of the
information contained herein.
Dedication
Dedicated with love to Jacqui. She deserves a dedication to herself for a change.
—Adam Freeman
For my wife Elena and my daughter Anya. I love you both.
—Allen Jones
Preface
The .NET Framework is a flexible general-purpose computing platform designed to address the
needs of commercial organizations and individuals alike, and to support a variety of application
models. .NET supports recent trends that favor highly distributed systems, component-based
applications, and web-based server solutions (including XML web services). Although these trends
have led to improvements in application functionality and programmer productivity, they also
require that software consumers, producers, and service providers pay closer attention to software
and system security.
Traditionally, programmers have treated security as an afterthought; however, there is a growing
appreciation that security is a requirement, not an option, for contemporary applications and that
security should be integrated into their development. The simple fact is that you cannot ignore
security when developing a .NET application, because security is at the core of the .NET
Framework and implicit in applications that you write. You must understand how to program .NET
security, if for no other reason than to respond to the default actions of the .NET Framework, but
more importantly, to create effective and functional .NET applications that will be welcomed by
their users.
How This Book Is Organized
This book is divided into five parts. Part I discusses fundamental software security concepts. Part
II focuses on programming the security features of the .NET runtime. Part III covers the
programmatic use of the cryptography classes contained in the .NET class library. Part IV
discusses the use of security features more related to the platform on which your applications run.
Finally, Part V contains an API reference covering the security classes we discuss in this book.
Part I: Fundamentals
Chapter 1
Introduces some fundamental software security concepts that you should understand before
continuing to later chapters. Explains why there is a need for security, discusses the goal of
software security, and introduces some important topics that you should be aware of as you
begin to develop your own security programming skills.
Chapter 2
Provides an overview of the .NET assembly, which is a key component in .NET security.
Describes the structure and contents of an assembly, demonstrates how to create the
different types of assembly, and discusses protecting your assemblies from tampering and
reverse engineering.
Chapter 3
Explains the role of application domains and discusses the effect they have on application
isolation, security, and configuration.
Chapter 4
Discusses the way in which software security is integrated into the application lifetime, and
provides practical advice that will help you understand the content contained in later
chapters.
Part II: .NET Security
Chapter 5
Introduces the key security features provided by the .NET runtime. Explains the purpose and
function of these security features, how they interact with each other, and their relationship
with the security provided by the underlying operating system.
Chapter 6
Explains what evidence is and where it comes from, and describes the purpose and use of
the different types of evidence, including the standard evidence classes provided with the
.NET Framework. Demonstrates how to use evidence programmatically and how to extend
the security capabilities of the .NET Framework by developing custom evidence classes.
Chapter 7
Explains what permissions are and discusses their role in the implementation of code-access
security. Describes the mechanisms that the runtime uses to enforce code-level security,
and explains how you can use permissions to manipulate these mechanisms. Finally, this
chapter shows you how to extend code-access security by implementing your own custom
permissions.
Chapter 8
Explains how the .NET runtime uses security policy to determine which permissions to grant
to an assembly or application domain. Describes the structure of security policy and explains
how the component elements interact at runtime. Explains how to manipulate security policy
programmatically, and demonstrates the use of application domain policy.
Chapter 9
Outlines the default security policy implemented by the .NET Framework, and discusses the
use of the .NET security tools to manage security policy.
Chapter 10
Explains what role-based security is and discusses the .NET Framework's implementation.
Describes the classes used to access role-based security, and demonstrates how to use
them in your programs.
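As an added illustration of the classes this chapter covers (example code written for this edited page, not taken from the book): an imperative IsInRole check beside a PrincipalPermission demand, run against a GenericPrincipal whose identity and role names are constructed for the demonstration. It targets the .NET Framework; the role name "Approver" and the ApproveTransfer method are assumptions, not anything the book defines.

```csharp
// Added example (not from the book): role-based checks with the
// System.Security.Principal and System.Security.Permissions classes.
// Targets the .NET Framework; the identities, the "Approver" role and
// ApproveTransfer are constructed for the demonstration.
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

public static class RoleExample
{
    // Imperative check: cheap, and leaves the caller to decide what to do
    // when the principal is not in the role.
    public static bool CanApprove(IPrincipal principal)
    {
        return principal != null && principal.IsInRole("Approver");
    }

    // Demand-based check: the runtime throws SecurityException when
    // Thread.CurrentPrincipal is not in the role, so the sensitive
    // operation cannot be reached unless the check has passed.
    public static void ApproveTransfer(decimal amount)
    {
        new PrincipalPermission(null, "Approver").Demand();
        Console.WriteLine("Approved transfer of " + amount);
    }

    public static void Main()
    {
        // A principal built from an application-defined identity. In a real
        // application it would come from Windows or from your own
        // authentication code, which is the trusted step.
        GenericIdentity alice = new GenericIdentity("alice");
        Thread.CurrentPrincipal = new GenericPrincipal(alice, new string[] { "Approver" });
        Console.WriteLine(CanApprove(Thread.CurrentPrincipal));
        ApproveTransfer(100m);

        // An authenticated identity with no roles: IsInRole is false and
        // the demand fails.
        Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("bob"), new string[0]);
        Console.WriteLine(CanApprove(Thread.CurrentPrincipal));
        try
        {
            ApproveTransfer(100m);
        }
        catch (SecurityException ex)
        {
            Console.WriteLine("Denied: " + ex.Message);
        }
    }
}
```

Thread.CurrentPrincipal is per thread, and any code that can assign it can satisfy the demand. The check is therefore only as strong as the code path that establishes the principal, which is why the chapter's discussion of where principals come from matters more than the check itself.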
Chapter 11
Describes what isolated storage is and explains where it provides benefits over existing data
storage options. Demonstrates how to use isolated storage in your own programs, as well as
how to administer and control access to it.
Part III: .NET Cryptography
Chapter 12
Provides an overview of the different aspects of cryptography and discusses some of the
dangers and limitations of which you should be aware.
Chapter 13
Examines hash codes in more depth and shows you how to create and validate hash codes
using the .NET Framework classes. Extends the .NET Framework by adding a new hashing
algorithm.
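An added example (not the book's code) of creating and validating a keyed hash with HMACSHA1, one of the classes listed in the Part V reference. The key, the message and the method names are constructed for the demonstration; the code compiles against the .NET Framework.

```csharp
// Added example (not from the book): computing and validating an HMAC with
// the System.Security.Cryptography classes the chapter covers. The key and
// message are constructed for the demonstration.
using System;
using System.Security.Cryptography;
using System.Text;

public static class MacExample
{
    // Compute HMAC-SHA1 over a message. The key is a secret shared with
    // whoever will verify the MAC; 20 random bytes is a typical size.
    public static byte[] ComputeMac(byte[] key, byte[] message)
    {
        using (HMACSHA1 hmac = new HMACSHA1(key))
        {
            return hmac.ComputeHash(message);
        }
    }

    // Validate a received MAC. The comparison always walks every byte and
    // reports the result at the end, so the time taken does not reveal how
    // many leading bytes of a forged MAC were correct.
    public static bool ValidateMac(byte[] key, byte[] message, byte[] receivedMac)
    {
        byte[] expected = ComputeMac(key, message);
        if (receivedMac == null || receivedMac.Length != expected.Length)
            return false;
        int diff = 0;
        for (int i = 0; i < expected.Length; i++)
            diff |= expected[i] ^ receivedMac[i];
        return diff == 0;
    }

    public static void Main()
    {
        // Constructed sample key and message.
        byte[] key = new byte[20];
        new RNGCryptoServiceProvider().GetBytes(key);
        byte[] message = Encoding.UTF8.GetBytes("transfer 100 to account 42");

        byte[] mac = ComputeMac(key, message);
        Console.WriteLine("MAC: " + BitConverter.ToString(mac));

        // The genuine message validates; a tampered copy does not.
        Console.WriteLine(ValidateMac(key, message, mac));
        byte[] tampered = Encoding.UTF8.GetBytes("transfer 900 to account 42");
        Console.WriteLine(ValidateMac(key, tampered, mac));
    }
}
```

A comparison that returns on the first mismatching byte leaks, through timing, how much of a forged MAC an attacker has got right, so the validation deliberately does not short-circuit. HMAC built on SHA-1 remains an acceptable message authentication code even though SHA-1 is no longer acceptable for collision-resistant uses such as signatures; later Framework versions add HMACSHA256, which is the better default where it is available.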
Chapter 14
Discusses how to achieve confidentiality with symmetric data encryption, and how to encrypt
and decrypt data using the .NET Framework. Shows you how to extend the .NET Framework
by adding a new symmetric encryption algorithm.
Chapter 15
Discusses asymmetric encryption, explaining what it is, how it works, and how it overcomes
the problem of exchanging secret keys. Demonstrates how to extend the .NET Framework
by adding a new asymmetric encryption algorithm.
Chapter 16
Explains what digital signatures are, how they work, and how to use them within your .NET
applications. Demonstrates how to extend the .NET Framework by adding support for a
custom digital signatures algorithm.
Chapter 17
Discusses the way in which the .NET Framework supports cryptographic keys. Explains the
importance of keys, and the decisions you must make in deciding how you will create them.
Part IV: .NET Application Frameworks
Chapter 18
Introduces the features you can use to increase the security of your ASP.NET applications.
Discusses the overall issue of ASP.NET application security, and the mechanisms the .NET
Framework implements to provide authentication, authorization, and impersonation services
to ASP.NET applications.
Chapter 19
Discusses the COM+ security services, and explains how you can apply them to your COM+
components.
Chapter 20
Describes how to use the Windows Event Logging Service from your .NET applications in
order to audit Windows security events.
Part V: API Quick Reference
Part V contains a comprehensive API reference covering the following security-related namespaces
of the .NET Framework base class library:
System.Security
System.Security.Cryptography
System.Security.Cryptography.X509Certificates
System.Security.Cryptography.Xml
System.Security.Permissions
System.Security.Policy
System.Security.Principal
Who Should Read This Book
Programming .NET Security was written for two groups of people. First, we wrote for the architects
and designers of .NET applications who must understand the capabilities and limitations of .NET
security to factor them into their designs and plans. Each chapter in Parts II, III, and IV begins
with a detailed discussion that describes the technology but does not go to the level of discussing
individual classes and methods.
Second, we wrote for all C# and Visual Basic .NET programmers who want to know how to use the
features of the .NET Framework to write more secure applications. Following a technical
introduction, each chapter in Parts II, III, and IV contains a detailed explanation of how to
program the features of the .NET Framework being discussed; numerous code samples accompany
these sections to clarify the points being made. Specifically for advanced programmers, our
discussions of code-access security and cryptography contain fully worked examples on how to
extend the .NET Framework security mechanisms.
Assumptions This Book Makes
This book is focused on .NET Framework security programming; we assume no prior exposure to
the .NET security classes, but expect the reader to have basic experience as a competent C# or
Visual Basic .NET programmer.
In Part IV of this book, we discuss the interaction of .NET application security with features and
security capabilities of the Windows platform and other external services. In these chapters, we
expect the reader to be familiar with the external technologies, and focus only on the aspect of
security programming.
Conventions Used in This Book
The following font conventions are used throughout this book:
Italic is used for:
Pathnames, filenames, and program names
Internet addresses, such as domain names and URLs
New terms where they are defined
Constant Width is used for:
Command lines and options that should be typed verbatim
Names and keywords in program examples, including method names, variable names, and
class names
Constant Width Bold is used for:
Emphasis within program code
This icon designates a note, which is an important aside to the nearby text.
This icon designates a warning relating to the nearby text.
How to Contact Us
We have tested and verified the information in this book to the best of our ability, but you may
find that features have changed (or even that we have made mistakes!). Please let us know about
any errors you find, as well as your suggestions for future editions, by writing to:
O'Reilly & Associates, Inc.
1005 Gravenstein Highway North
Sebastopol, CA 95472
(800) 998-9938 (in the U.S. or Canada)
(707) 829-0515 (international/local)
(707) 829-0104 (fax)
There is a web page for the book that lists errata, examples, or any additional information. You
can access this page at:
http://www.oreilly.com/catalog/prognetsec
To comment or ask technical questions about this book, send email to:
bookquestions@oreilly.com
For more information about books, conferences, Resource Centers, and the O'Reilly Network, see
the O'Reilly web site:
http://www.oreilly.com
Part I: Fundamentals
Discusses the need for security and the approaches to adopt when developing secure
software. These chapters also discuss assemblies and application domains—two fundamental
building blocks of .NET applications that play a crucial role in the creation of secure software:
Chapter 1
Chapter 2
Chapter 3
Chapter 4
Chapter 1. Security Fundamentals
This chapter introduces the fundamental software security concepts that you need to understand
before continuing to later chapters. We explain why there is a need for security, and the roles that
are important to the development and operation of software security policies. We also discuss the
goals of software security and introduce some important concepts that you should understand as
you develop your own security programming skills.
1.1 The Need for Security
Only a few years ago, software applications tended to be isolated. Users of these applications were
required to present themselves in a known location (for example, a bank branch or office block)
that was protected by physical barriers to access such as locks, surveillance cameras, and security
guards. Attacks against such software systems were fewer than are experienced today, in part,
because gaining access to such a location presented a barrier that many found insurmountable.
The increased connectivity and prevalence of networked applications has removed the
insurmountable barrier presented by physical security, and it is not only the networked
applications themselves at risk. Increasingly, software systems control access to valuable physical
resources (for example, banking software can be used to credit or debit a customer account).
Subverting or compromising the software system may be the simplest way to gain access to the
physical resource; for example, it may be easier to break into the banking application and create
fictitious transactions than it is to crack open the bank vault.
Today, a talented 15-year-old Italian schoolboy, who would be unable to get past a company
security guard, might, for personal amusement, be able to convince a networked application that
he is a 37-year-old trusted employee from Alabama. More serious, however, is the increase in
software hacking for criminal reasons—either to steal intellectual property or, more commonly, to
steal information that can be sold to other criminals, such as lists of credit card numbers.
In short, the world has become more hostile towards software. In light of recent changes to social
and political attitudes to security, it should be no surprise that the public has an increased
expectation that software will be secure. The kinds of security that we discuss in this book can
provide some protection against the increased frequency and sophistication of attempts to subvert
applications. However, security has also become a tool to promote the sale of software, and claims
of "unbreakable" security are now commonplace. The effective use of software security has fallen
behind the ideal that is portrayed by marketing departments. Another purpose of this book is to
close the gap between the perception and the reality, and to demonstrate how you can increase
the security of your applications through the careful application of tried-and-tested technologies.
1.2 Roles in Security
In a normal software development project, there are many people who influence software security.
People often look at software security from different perspectives and hope to gain different results
from its implementation; these are often at odds with the goals of others. In this section, we
describe the most common roles, and explain the motivations and goals of those who hold them.
The content of this book is aimed at the technical reader, but it is important that you appreciate
the complete set of influences that shape the need for and implementation of software security.
See Chapter 4 for a more detailed examination of some of these roles and the way they influence
the life cycle of an application.
1.2.1 The Business Sponsor
The business sponsor is responsible for commissioning a software development project, and
usually owns the problem that the application is intended to solve. The role of the business
sponsor, and his expectations of software security, varies depending on the nature of the business
and the purpose of the software.
The business sponsor typically lacks technical expertise, but controls the development budget and
may support the implementation of software security for the following reasons:
Security is a known requirement of the system's users.
Legislation dictates that the software must implement certain security measures.
Security features are necessary to compete with other products and look good on marketing
material.
Lacking formal requirements, the business sponsor will often have opinions to offer on the
importance and implementation of software security. These opinions may or may not be in line
with the real requirements of the project.
Business sponsors are often the biggest source of tension on a project when it comes to the
correct application of security. As you will see throughout this book, software security can be
applied only after a careful assessment of the application requirements; however, the business
sponsor often wants to bring the application into production as quickly as possible, and this creates
a tension between the careful application of a planned security policy and the business
requirement that the application ship quickly.
1.2.2 The Architect
The project architect is responsible for the overall design of the application, ensuring that the
planned development will meet the business and technical goals that have been specified by the
business sponsor. The architect is ideally placed to assess the security needs of the application and
to formulate the security policy that will be implemented by the programmers.
1.2.3 The Programmer
The programmer is responsible for implementing the application design produced by the architect
and for meeting the software security goals specified in the design. The programmer must have a
firm understanding of the security features provided by the development platform in use, and
must be trusted to implement the security policy completely and without modification.
1.2.4 The Security Tester
The security tester does not perform the same role as an ordinary application tester. A normal
tester creates test scenarios that ensure that the planned functionality works as expected, by
simulating the actions of a user. By contrast, the security tester simulates the actions of a hacker,
in order to uncover behaviors that would circumvent the software security measures. Security
testing is an underrated and underemployed activity, but is vital in validating the security
measures designed by the architect and implemented by the programmer.
1.2.5 The System Administrator
The system administrator is responsible for installing, configuring, and managing the application;
these tasks require a good understanding of general security issues, and an appreciation of the
security features provided by the development platform and the application itself.
One of the most important aspects of system administration is application monitoring. Well-
designed applications provide system administrators with information about potential security
breaches, and it is the responsibility of the system administrator to monitor for such information
and to formulate a response plan in the event that the security of an application is subverted.
1.2.6 The User
The user is the final consumer of the functionality provided by the application, and is often
required to interact with its software security measures—for example, by entering a username and
password to gain access to its functionality.
The users of an application create their own tensions against the security policy; their expectations
that the software system will protect them are high, but their willingness to be constrained by
intrusive security measures is limited. For example, retail customers expect that a software
system will conceal their credit card numbers from unauthorized third parties and protect their
accounts from unauthorized changes. However, the same users will resist taking any responsibility
for their own security—for example, by remembering and specifying a PIN code when they
purchase goods.
Successful security policies take into account the users' attitudes, and do not force them to accept
security demands that they cannot or will not adhere to. Unsuccessful security policies do not take
into account the needs of the user—for example, requiring users to remember long and difficult
passwords that are frequently changed. In such circumstances, users will simply write the
password down on a piece of paper and thereby negate all of the effort made during the
development process.
1.2.7 The Hacker/Cracker
The final role is the cracker, more popularly known as a hacker. The hacker attempts to
circumvent or subvert software security for financial gain or perhaps to rise to a perceived
intellectual challenge. The hacker is the person whom security measures are meant to foil, but the
label does not accurately describe the range of people who will attack software security systems.
Throughout this book, we detail a number of specific security systems and explain the type of
attack against which each is intended to protect.
1.3 Understanding Software Security
There are two kinds of assets that software security sets out to protect: restricted resources and
secrets. In this section, we provide an overview of these important categories, which we build on
throughout the rest of the book.
1.3.1 Restricted Resources
A restricted resource is any object, feature, or function of your application (or of any software or
hardware that your application depends on) that you do not wish to be used or accessed by
unauthorized people. This is a very broad definition, but casting our net this wide allows us to
demonstrate the common solution to a wide range of closely related issues; the following list
describes some restricted resources that you may encounter:
Disk files
The most commonly encountered restricted resource is the disk file. For example, by default,
the Windows operating system allows users to access their own files, but not the files of
other users or disk files used by the operating system itself. Users are restricted from
accessing files that they have not created.
Software functions
One of the most familiar restricted resources for you is the software function that should not
be available to all users of the application or service. For example, the accounts clerk in a
bank should not be able to authorize mortgage loans; such activities are restricted to
qualified loan officers.
Hardware resources
Software security is often used to restrict access to important hardware resources, such as a
high-quality color printer. Ordinary users are restricted to printing their documents in
monochrome, while the sales staff prints customer presentations in color.
External services
Increasingly, software security restrictions are applied to external services that have no
tangible physical attributes, but affect a company either by incurring a direct financial cost
or by distracting staff from their duties. Examples of such services are Internet access,
personal emails, and international telephone calls. Access to these services is restricted to
those who need them to do their jobs.
1.3.2 Trust
In terms of software security, when we trust someone, we grant that person access to one or
more restricted resources; for example, we trust our bank loan officer to approve mortgage loans
in a responsible way and grant the officer access to the software features for loan approval.
The first step in managing trust is to establish identity, which is the means that a system uses to
uniquely differentiate between users. The complexity of the identities used by an application is
influenced by the number of users that need identification; if there are small numbers of users,
then identities as simple as "Alice" and "Bob" may be sufficient to uniquely identify each person.
By contrast, providing unique identification for thousands or millions of people may require more
complex identities—for example, social security numbers.
You use authentication to ensure that you have correctly established the identity of a user. If you
wish to restrict access to a valuable resource, you cannot take a statement of identity by a user at
face value. Consider the ramifications if your bank believed a claim by you that you were "Bill
Gates" and granted you access to his deposits. The most common form of authentication requires
a user to provide a username and a password to access an application; the username represents
the stated user identity and the password is a secret known only to the user (see the next section
for information about secrets). We expect that others who might wish to assume this identity will
not know the secret password and therefore won't pass the authentication process.
Once you have authenticated and identified a user, you authorize the user to access one or more
restricted resources. The resources to which a user is granted access depend on the level of trust
granted by the application; the level of trust is typically determined by the nature of the tasks that
a user will undertake; for example, you might grant a user access to a disk file containing details
of a new product because that user is employed as a product development engineer, and the
contents of that file are required by the user to discharge her duties.
The process of establishing and authenticating an identity, and authorizing access to resources
based on that identity is illustrated in Figure 1-1. This process is at the heart of software security,
and many applications and systems that may appear to work in radically different ways implement
this common approach.
Figure 1-1. The process of granting access to restricted resources
See Chapter 5 for an introduction to the way in which .NET defines and supports restricted
resources, and Chapter 6 through Chapter 10 for detailed coverage on how to apply .NET security
to your application projects.
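The identity, authentication, and authorization steps of Figure 1-1, written out as an added example in C#. This is not code from the book; it uses the GenericIdentity and GenericPrincipal types from System.Security.Principal (covered in Part II) together with APIs that assume .NET 6 or later (Rfc2898DeriveBytes.Pbkdf2, RandomNumberGenerator.GetBytes, CryptographicOperations.FixedTimeEquals), which did not exist in the .NET Framework 1.x the book targets. The user store, usernames, passwords and role names are constructed sample data.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Principal;

// Added example, not from the book: identity -> authentication -> authorization.
// Assumes .NET 6 or later. All user records below are constructed sample data.
public static class TrustDemo
{
    // The stored credential never holds the password itself, only a per-user salt
    // and a slow, salted PBKDF2-SHA256 hash derived from the password.
    private sealed record StoredUser(byte[] Salt, byte[] Hash, string[] Roles);

    private const int Iterations = 100_000;
    private const int HashLength = 32;
    private static readonly HashAlgorithmName Prf = HashAlgorithmName.SHA256;

    // Constructed sample user store. Roles, not names, decide what a user may do.
    private static readonly Dictionary<string, StoredUser> Users = new(StringComparer.Ordinal)
    {
        ["alice"] = CreateUser("correct horse battery staple", new[] { "LoanOfficer", "Clerk" }),
        ["bob"]   = CreateUser("bobs-password", new[] { "Clerk" }),
    };

    private static StoredUser CreateUser(string password, string[] roles)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(16);
        byte[] hash = Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, Prf, HashLength);
        return new StoredUser(salt, hash, roles);
    }

    // Authentication: the caller states an identity (username) and proves it with a
    // secret (password). Returns a principal for the established identity, or null.
    public static IPrincipal? Authenticate(string username, string password)
    {
        if (!Users.TryGetValue(username, out StoredUser? user))
        {
            // Do the same amount of work for an unknown name so that response time
            // does not reveal which usernames exist.
            Rfc2898DeriveBytes.Pbkdf2(password, new byte[16], Iterations, Prf, HashLength);
            return null;
        }

        byte[] candidate = Rfc2898DeriveBytes.Pbkdf2(password, user.Salt, Iterations, Prf, HashLength);

        // Compare in constant time: an ordinary early-exit comparison would leak how
        // many leading bytes of the hash matched.
        if (!CryptographicOperations.FixedTimeEquals(candidate, user.Hash))
            return null;

        return new GenericPrincipal(new GenericIdentity(username, "Password"), user.Roles);
    }

    // Authorization: access to a restricted resource (approving a mortgage) is
    // granted on the basis of a role held by the authenticated identity.
    public static bool CanApproveMortgage(IPrincipal? principal)
    {
        if (principal?.Identity == null || !principal.Identity.IsAuthenticated)
            return false;
        return principal.IsInRole("LoanOfficer");
    }

    public static void Main()
    {
        IPrincipal? alice    = Authenticate("alice", "correct horse battery staple");
        IPrincipal? bob      = Authenticate("bob", "bobs-password");
        IPrincipal? impostor = Authenticate("alice", "not alices password");

        Console.WriteLine($"alice approves mortgages: {CanApproveMortgage(alice)}");
        Console.WriteLine($"bob approves mortgages: {CanApproveMortgage(bob)}");
        Console.WriteLine($"impostor authenticated: {impostor != null}");
        Console.WriteLine($"unknown user rejected: {Authenticate("carol", "x") == null}");
    }
}
```

Build it as a console project on .NET 6 or later and run it. The split between Authenticate and CanApproveMortgage is the point: the identity is established once, and the decision about each restricted resource is made against the roles carried by the principal, so the authorization policy can change without touching the authentication code.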
1.3.3 Secrets
A secret is any data created or processed by your application that you do not wish to be publicly
known. Examples of secrets include the credit card numbers of your clients, and passwords your
users enter to authenticate their identities for your application. Secrets are the counterpart to
restricted resources. While a restricted resource often represents the ability to perform an action
(such as approving a mortgage or printing a color document), a secret typically embodies the data
the resource will process (such as the financial details of a customer or the secret marketing plan).
1.3.3.1 The lifetime of secrets
It is important to consider each type of secret that you work with and assess how long it needs to
remain a secret; for example, a customer credit card number needs to be protected only until the
card expires, after which, the information you hold on file cannot be used to purchase goods. By
contrast, some secrets must be protected forever, such as medical histories.
One mistake that is frequently made is considering the lifetime of a secret in isolation from the real
world. For example, you may choose to protect a user's secret password only until it is changed,
perhaps as part of a process where a password is valid for a fixed period. The problem that this
presents is that users will often change a password back to its original value as soon as they can,
which means that a hacker could access your application if your list of expired passwords were
allowed to become public. When you assess the lifetime of a secret, consider that the data itself
may have value if it persists outside the application.
1.3.3.2 Protecting secrets
Secrets are typically protected with cryptography, which is the subject of Part III. Cryptography
uses complex mathematical algorithms to encode secrets, and the type of algorithm used depends
on the length of time the data needs protection, which is, in turn, influenced by the lifetime of the
secret. See Chapter 12 for an introduction to cryptography, and Chapter 13 through Chapter 17
for in-depth coverage of how the .NET Framework supports cryptographic techniques.
1.4 End-to-End Security
The final concept we introduce in this chapter is end-to-end security, which is the result of
considering the wider aspects of security, beyond the resources and secrets protected by your
application. Although this book is focused on implementing software security, it is important that
you take a higher-level view, taking into account the real world and its complexity. The following
sections highlight other issues that you should consider.
1.4.1 Real-World Trust Relationships
One of the most important things to remember about security is that not everyone shares your
motivations and aspirations, and not everyone thinks the way that you think. The most carefully
defined software trust system may not reflect the actual trust that has been granted to users of an
application.
As a simple example, when we outlined the important roles in security, we differentiated
between the legitimate users of an application and the hackers who want to subvert it. The reality
is less clear-cut; most fraud is perpetrated by employees otherwise trusted by their company;
when you grant trust to a user, you may be providing that individual tools that will be used to
defraud, and otherwise rob, your company.
Differences in motivation are especially relevant when considering coercion; although you may feel
that the security and profitability of your application is paramount, others may not. In some
countries, it is common to rob a bank by kidnapping the branch manager's children, coercing the
manager to unlock the bank and provide access to the vaults in order to secure the freedom of his
offspring. The robbers have secured access to the protected resources with the explicit cooperation
of a trusted employee. When thinking about security, you must give consideration to motivation,
both of the potential users and the potential attackers.
1.4.2 Side Channels
A side-channel attack employs methods that have little to do with the software security measures
that protect an application. For example, looking over a person's shoulder while he types his
password circumvents any policy that may be put in place to control identity authentication; the
attacker has side-stepped the security measures and can now access the system.
Identifying potential side-channel attacks takes a lot of lateral thinking, and requires careful
evaluation of the information exposed by your security systems that attackers might be able to
exploit. Various smart-card technologies, for example, have been compromised by analyzing
variations in power consumption, electromagnetic radiation, and the amount of time taken to
process an authentication request associated with their use. Such an attack takes time and
determination, but can be profitable if the smart card is used to manage cash transactions or
provides access to expensive resources.
1.4.3 Physical Security
Physical security is often ignored when application software is secured. Many years of effort may
go into designing an application that carefully controls access to the contents of a warehouse, but
if the security of the warehouse itself is weak, then attackers will simply steal your goods directly
rather than attempting to subvert your application to ship goods free-of-charge.
A good example of physical security is represented by automated teller machines (ATMs). An ATM
employs physical measures to protect against tampering and outright theft, as well as the software
measures that authenticate your card and PIN number.
1.4.4 Third-Party Software
Finally, we draw your attention to third-party software, which you may rely on for the
development of your application. Examples of this kind of software include development
environments (such as Microsoft Visual Studio .NET), class libraries, and language compilers.
It is important for you to understand that by using third-party software, you are trusting the
software publisher to produce software that does not present a security risk, either in the
functionality that is provided or by the introduction of malicious features. You should also realize
that when you distribute software that depends on third-party software, you are asking your
customers to grant the same level of trust to the third parties as they do to you and your
organization.
For example, you may trust Microsoft to produce safe and secure software, and you may feel
confident that Internet Explorer provides a secure environment in which to browse the World Wide
Web. However, if you look at the information provided by the "About Internet Explorer" window,
you will see that Internet Explorer 6 is built, in part, with software licenses from the following
organizations:
National Center for Supercomputing Applications at the University of Illinois at Champaign
Spyglass, Inc.
RSA Data Security, Inc.
The Independent JPEG Group
Intel Corp.
Mainsoft Corp.
When you trust Microsoft to deliver Internet Explorer without the inclusion of security-related
defects or malicious code, you also implicitly trust all of the companies listed above, some that you
may not even have heard of. Each of these companies may in turn license content or functionality
from other publishers, and the chain continues; the trust that you confer on an individual software
publisher goes far beyond what you may expect, and this is equally true for development software
and class libraries as it is for Windows applications.
When selecting third-party tools and libraries for your development projects, you must consider
the level of trust that you assign to the software publisher and any other companies or individuals
that may have contributed to these products.
Chapter 2. Assemblies
This chapter provides an overview of the .NET assembly, which is a key component in .NET
security. We describe the structure and contents of an assembly, demonstrate how to create the
different types of assembly, and discuss how you can protect your assemblies from tampering and
reverse engineering. The information in this chapter provides a foundation essential for
understanding the more advanced topics presented in later chapters, especially those related to
Code Access Security.
2.1 Assemblies Explained
An assembly contains one or more .NET data types compiled into the Microsoft Intermediate
Language (MSIL); in other words, an assembly contains the code that the common language
runtime executes. The .NET Framework uses the assembly as the basic unit of deployment and
versioning and, most importantly for our purposes, as the basic security boundary. In the following
chapters, we will demonstrate how the .NET Framework uses assemblies to enforce security
policy; in this section, however, we provide a brief overview of assemblies as a foundation for
more advanced topics.
Microsoft Intermediate Language
When you compile a .NET source file, the compiler converts contained data types to the
MSIL, which consists of a series of CPU-independent instructions. The .NET Framework
compiles the MSIL describing your data type into instructions for a specific CPU at
execution; this approach allows .NET applications to be deployed to different CPU
architectures without having to recompile the source code. Consult the .NET
documentation for further information about MSIL.
Each assembly consists of the following:
Assembly manifest
The assembly manifest contains metadata elements that describe the assembly,
summarized as follows:
Assembly name
A text string specifying the assembly's name
Assembly version
A string in the form a.b.c.d, where a and b are major and minor version numbers,
and c and d are revision and build numbers
Assembly culture
Information on the culture or language that the assembly supports, for example, "en-
US" for U.S. English or "fr-CA" for Canadian French
Assembly strong name
Details of the public key used to create the assembly strong name; see Section 2.4 for
further information
A list of all of the files in the assembly
Lists all of the files that comprise the assembly; as we explain later, assemblies can be
made up of more than one file
Type reference information
Provides information about the data types that are exported from this assembly for
use in other assemblies
Referenced assemblies information
Lists the details of any other assemblies that this assembly depends on
Informational attributes
A set of human-readable strings that provide additional information about an
assembly, including trademark and copyright restrictions, product and company
names, and a description of the assembly contents
Type metadata
This part of the assembly contains information about the data types contained in the MSIL
code portion of the assembly, described later.
MSIL code
The MSIL code section of the assembly contains the MSIL statements that will be executed
by the .NET Framework runtime, describing one or more .NET types.
Application resources
There are a set of resources, such as icons and sounds, that the application uses.
There are two types of assembly; each type differs in where the assembly contents are stored.
The simplest and most common type is a single-file assembly, where all of the assembly contents
are stored in a single file. As shown by Figure 2-1, the four assembly components are contained in
the file named SingleFileAssembly.dll.
Figure 2-1. A single-file assembly contains all of the assembly contents
in a single disk file
The second assembly type is a multifile assembly, where the contents of the assembly are stored
in more than one file, as illustrated by Figure 2-2.
Figure 2-2. A multifile assembly stores the assembly contents in more
than one file
In a multifile assembly, the assembly metadata and any resources are stored in one file
(MultiFileAssembly.dll in Figure 2-1), while the MSIL code is contained in one or more modules,
each of which contains one or more data types and any associated type metadata. The assembly is
made up of all three files, which must be deployed together; there is no association between the
files enforced by the filesystem—the relationship between the files is described by the file list
element of the assembly metadata.
The advantage of a multifile assembly is that each module can contain types written in a different
.NET language; in Figure 2-2, we illustrate this by including the CSharpCode.netmodule and
VBCode.netmodule files in the assembly, representing data types written in C# and Visual Basic
.NET, respectively. In the next section, we demonstrate how to create an assembly using modules
written in different languages.
Visual Studio .NET does not include support for creating modules or multifile
assemblies; you must use the command-line tools included with the .NET
Framework SDK to create multifile assemblies.
Each assembly can have one of three "flavors," depending on the intended function of the
assembly, summarized as follows:
Library assembly
A library assembly contains .NET types that are consumed by other assemblies. A library
assembly cannot be executed.
Executable assembly
An executable assembly can be executed as an application, but the types defined in the
assembly cannot be used by other assemblies.
Windows executable assembly
A Windows executable assembly is a variation of an executable assembly that is specifically
for GUI applications.
This brief overview of assemblies should provide you with enough information to understand the
rest of this chapter and the content presented in the rest of this book. Chapter 4 provides more
information about the role of assemblies in the life cycle of a .NET application.
2.2 Creating Assemblies
To transform source code files into assemblies, you must use a language-specific .NET compiler. For
C# source code files, we use the C# compiler (csc.exe) and we use the Visual Basic .NET compiler
(vbc.exe) for Visual Basic .NET source files. In this section, we will demonstrate how to create single-
and multifile assemblies; we do not go into detail about how to use the .NET compilers. We begin by
defining two simple types, the first of which is as follows:
# C#
public class SumNumbers {
private int o_total;
/// <summary>
/// Default constructor - initializes the total to zero
/// </summary>
public SumNumbers( ) {
// initialize the total
o_total = 0;
}
/// <summary>
/// Add a number to the total
/// </summary>
/// <param name="p_number">The number to add</param>
public void AddNumber(int p_number) {
o_total += p_number;
}
/// <summary>
/// Get the total
/// </summary>
/// <returns>The total of all values presented to AddNumber</returns>
public int GetTotal( ) {
return o_total;
}
}
# Visual Basic .NET
Public Class SumNumbers
Private o_total As Integer
Public Sub New( )
' initialize the total
o_total = 0
End Sub
Public Sub AddNumber(ByVal p_number As Integer)
o_total += p_number
End Sub
Public Function GetTotal( ) As Integer
Return o_total
End Function
End Class
The SumNumbers class maintains a running total of integer values using the AddNumber method; the
total value is obtained using the GetTotal method. The second type, SumArray, defines the static
member SumArrayOfIntegers, which accepts an array of integers to be added together; this class is
a consumer of SumNumbers.
# C#
public class SumArray {
/// <summary>
/// Static method that sums together the values in
/// an array of integers
/// </summary>
/// <param name="p_arr"></param>
/// <returns></returns>
public static int SumArrayOfIntegers(int[] p_arr) {
// create a new instance of SumNumbers
SumNumbers x_sum = new SumNumbers( );
// add each value in the array to the sum
foreach (int x_int in p_arr) {
x_sum.AddNumber(x_int);
}
// return the total from the sum
return x_sum.GetTotal( );
}
}
# Visual Basic .NET
Public Class SumArray
Public Shared Function SumArrayOfIntegers(ByVal p_arr( ) As Integer) _
As Integer
' create a new instance of the SumNumbers class
Dim x_sum As SumNumbers = New SumNumbers
' add each value in the array to the sum
Dim x_int As Integer
For Each x_int In p_arr
x_sum.AddNumber(x_int)
Next
' return the total from the sum
Return x_sum.GetTotal( )
End Function
End Class
We will save the SumNumbers type in a file named SumNumbers.cs (C#)/SumNumbers.vb (Visual
Basic .NET) and the SumArray type in a file named SumArray.cs (C#)/SumArray.vb (Visual Basic
.NET).
2.2.1 Creating a Single-File Assembly
This is the default assembly type created by the C# and Visual Basic .NET compilers. The assembly
metadata and the MSIL statements are included in a single file. The following statements demonstrate
how we create a single-file library assembly from our source files:
# C#
csc /out:SingleFileAssembly.dll /target:library SumNumbers.cs SumArray.cs
# Visual Basic .NET
vbc /out:SingleFileAssembly.dll /target:library SumNumbers.vb SumArray.vb
These statements create a single-file assembly named SingleFileAssembly.dll, which contains the
compiled SumNumbers and SumArray types; the /out argument allows you to specify the name of the
created file, while the /target option allows you to choose between application and library
assemblies; consult the .NET documentation for full details of the compiler options.
2.2.2 Creating a Multifile Assembly
Creating a multifile assembly is more complicated than creating a single-file assembly but does
provide additional flexibility; in this section, we demonstrate how to create an assembly that contains
modules written in different .NET languages. We start by compiling our C# implementation of the
SumNumbers type into its own module:
csc /out:SumNumbers.netmodule /target:module SumNumbers.cs
This command creates a new module called SumNumbers.netmodule. The "netmodule" suffix is the
standard for module files, in the same way that "dll" is for library files. We will now compile our Visual
Basic .NET implementation of the SumArray type into a module. The SumArray class depends on the
functionality of the SumNumbers class, and we reference the SumNumbers.netmodule file with the
/addmodule argument:
vbc /out:SumArray.netmodule /target:module /addmodule:SumNumbers.netmodule SumArray.vb
We have now created two modules—SumNumbers.netmodule is created from a C# class, while
SumArray.netmodule is created from a Visual Basic .NET class. .NET modules can contain more than
one type, although each type must be defined in the same language—we have created modules
containing only one type in order to present a simple and clear example.
We can now create a multifile assembly that contains our modules by using the Assembly Linker tool
(al.exe). The following command creates a library assembly called MultiFileAssembly.dll:
al /out:MultiFileAssembly.dll /target:library SumNumbers.netmodule SumArray.netmodule
The Assembly Linker creates the DLL file, which contains only the assembly metadata and references
to the module files, each of which includes one of our example classes.
A multifile assembly consists of the metadata file (the .dll or .exe) and all of the
modules you specified to the Assembly Linker. When distributing a multifile
assembly, you must include all of the files with a netmodule suffix as well as the
metadata file.
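To make the manifest elements listed in Section 2.1 and the file list of the multifile assembly built above concrete, here is an added example; it is not code from the book. It is a small C# tool that loads an assembly through reflection, prints the manifest elements (name, version, culture, strong-name key, referenced assemblies), then walks the file list and reports whether every module the manifest names is actually present in the deployment. The program name InspectAssembly and the variable names are our own; the assembly and module file names are the ones created in this section.

```csharp
// Added example, not from the book: inspect an assembly's manifest (Section 2.1)
// and check that every module of a multifile assembly is present (Section 2.2).
// Build and run against the assemblies created above:
//   csc /out:InspectAssembly.exe InspectAssembly.cs
//   InspectAssembly MultiFileAssembly.dll
using System;
using System.IO;
using System.Reflection;

public class InspectAssembly {

    public static void Main(string[] p_args) {
        if (p_args.Length != 1) {
            Console.WriteLine("usage: InspectAssembly <assembly file>");
            return;
        }
        // LoadFrom maps the manifest file into this process; the modules named
        // in the manifest are located relative to that file. Only inspect
        // assemblies you would be prepared to execute.
        Assembly x_asm = Assembly.LoadFrom(p_args[0]);
        PrintManifest(x_asm);
        string x_problem = CheckModules(x_asm);
        Console.WriteLine(x_problem == null
            ? "All modules listed in the manifest were found."
            : "Incomplete assembly: " + x_problem);
    }

    // Print the manifest elements described in Section 2.1.
    public static void PrintManifest(Assembly p_asm) {
        AssemblyName x_name = p_asm.GetName();
        Console.WriteLine("Name:        " + x_name.Name);
        Console.WriteLine("Version:     " + x_name.Version);   // a.b.c.d
        string x_culture = x_name.CultureInfo.Name;
        Console.WriteLine("Culture:     " + (x_culture.Length == 0 ? "neutral" : x_culture));
        Console.WriteLine("Strong name: " + DescribeStrongName(x_name));
        Console.WriteLine("References:");
        foreach (AssemblyName x_ref in p_asm.GetReferencedAssemblies()) {
            Console.WriteLine("  " + x_ref.FullName);
        }
    }

    // An assembly that has not been strong-named (Section 2.4) carries no public
    // key in its manifest; a strong-named one carries the full key, of which the
    // public key token is the short form that referencing assemblies record.
    public static string DescribeStrongName(AssemblyName p_name) {
        byte[] x_key = p_name.GetPublicKey();
        if (x_key == null || x_key.Length == 0) {
            return "none";
        }
        string x_token = BitConverter.ToString(p_name.GetPublicKeyToken()).Replace("-", "");
        return "public key token " + x_token.ToLower();
    }

    // Enumerate the modules in the manifest's file list and the types each one
    // defines. GetModules loads every module, so a module missing from the
    // deployment surfaces here as a FileNotFoundException; its message is
    // returned, and null means the assembly is complete.
    public static string CheckModules(Assembly p_asm) {
        try {
            Console.WriteLine("Files:");
            foreach (Module x_mod in p_asm.GetModules()) {
                Console.WriteLine("  " + x_mod.Name);
                foreach (Type x_type in x_mod.GetTypes()) {
                    Console.WriteLine("    " + x_type.FullName);
                }
            }
            return null;
        } catch (FileNotFoundException x_ex) {
            return x_ex.Message;
        }
    }
}
```

Run against MultiFileAssembly.dll the file list shows the metadata file itself (which defines no types) alongside SumNumbers.netmodule and SumArray.netmodule with one type each; delete one of the .netmodule files and run it again to see the incomplete-assembly report, which is the failure the distribution note above warns about. Run against SingleFileAssembly.dll, both types are reported under the single file.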
2.3 Shared Assemblies
Assemblies can be private or shared, as illustrated by Figure 2-3. Each application that uses a
private assembly has its own copy, which is stored alongside the other application components. If
there are two applications installed on the same computer, and each application relies on the same
private assembly, then there will be two copies of the assembly files installed. Each time you install
a new application that relies on the private assembly, you create new instances of the assembly
files on disk. Each assembly is independent of the others, and each application is completely self-
contained.
Figure 2-3. Private and shared assemblies
By contrast, several applications can use a single instance of a shared assembly. The assembly is
placed in a common location (a shared directory or network server), and every application that
requires the assembly uses the same assembly disk files. More than one copy of a shared
assembly can be installed, and groups of applications can rely on different instances, as illustrated
by Figure 2-4.
Figure 2-4. Groups of applications relying on multiple identical private
assemblies
The .NET Framework also provides the Global Assembly Cache (GAC), which is a central repository
for shared assemblies. All applications that rely on a shared assembly stored in the GAC use the
same disk files, as illustrated by Figure 2-5; such applications do not need to be configured to find
shared assemblies in specific locations; the GAC is always available to all applications. See Section
2.5.1 for further details.
Figure 2-5. The GAC hosts shared assemblies
When we say that applications "share" an assembly, we mean that they use
the same disk file. Each application is given its own copy of the data types
contained in the assembly, and no data is shared between the applications.
See Chapter 4 for more information on the role of an assembly in an
application.
The benefits of sharing an assembly are administrative—the assembly security policies and
configuration that we discuss in the following chapters are applied to a shared assembly once,
affecting all of the applications that rely on the assembly, whereas each instance of a private
assembly must be configured individually.
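Because the policy and configuration applied to a shared assembly only take effect for applications that actually resolve that shared copy, it is worth being able to see which instance of each assembly an application loaded. The following is an added example, not code from the book: a C# program that lists every assembly loaded into the current application and reports whether it is the GAC copy or a private copy, together with the file it came from. The program name AssemblyOrigins and the variable names are our own; it assumes SingleFileAssembly.dll from Section 2.2 is deployed next to the executable as a private assembly.

```csharp
// Added example, not from the book: report where each assembly loaded by an
// application came from, to confirm whether a dependency resolved to the
// shared copy in the GAC or to a private copy beside the executable.
// Assumes SingleFileAssembly.dll from Section 2.2 sits next to this program:
//   csc /out:AssemblyOrigins.exe /r:SingleFileAssembly.dll AssemblyOrigins.cs
using System;
using System.Reflection;

public class AssemblyOrigins {

    public static void Main() {
        // Use a type from the private assembly so the runtime loads it.
        int x_total = SumArray.SumArrayOfIntegers(new int[] { 1, 2, 3 });
        Console.WriteLine("SumArray total: " + x_total);
        foreach (Assembly x_asm in AppDomain.CurrentDomain.GetAssemblies()) {
            Console.WriteLine(Describe(x_asm));
        }
    }

    // One line per assembly: its name, whether it is the GAC (shared) copy, and
    // the file it was loaded from. Configuration applied to the GAC copy does
    // not affect an application that loaded a private copy of the same assembly.
    public static string Describe(Assembly p_asm) {
        string x_origin = p_asm.GlobalAssemblyCache ? "shared (GAC)" : "private";
        string x_location;
        try {
            x_location = p_asm.Location;
        } catch (NotSupportedException) {
            // Assemblies generated in memory with Reflection.Emit have no disk file.
            x_location = "(dynamic, no disk file)";
        }
        return p_asm.GetName().Name + ": " + x_origin + ", loaded from " + x_location;
    }
}
```

In the output, the .NET Framework's own assemblies (mscorlib and the like) are reported as shared, while SingleFileAssembly.dll is reported as private with the path of the copy beside the executable; if a strong-named build of the same assembly were installed in the GAC (Section 2.5.1), the line for it would show the GAC location instead, which is the copy the shared configuration applies to.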
normally, rather than as at present on those who are cooperating
and promoting progress. Therefore I propose that when a person
continues to possess and use old clothing, automobiles and
buildings, after they have passed their obsolescence date, as
determined at the time they were created, he should be taxed for
such continued use of what is legally “dead.” He could not deny that
he possesses such goods, as he might hide his income to
avoid paying an income tax, because they are material things, with
their date of manufacture known. Today we penalize by taxation
persons who spend their money to purchase commodities, which are
necessary in order to create business. Would it not be far more
desirable to tax instead the man who is hoarding his money and
keeping old and useless things? We should tax the man who holds
old things for a longer time than originally allotted.
Under the present estate and inheritance tax system, the State
has to wait an indefinite period, and allow the owner of a building or
commodity to keep on earning and adding more to his fortune until
he dies, before it can collect its inheritance tax. With obsolescence of
merchandise computed in advance, the Government will collect
when the article dies, instead of when its owner dies.
Moreover, the present method of collecting revenue under the
income tax is speculative and uncertain, because the profits of
industry and business, upon which the income tax is based, are
subject to vast fluctuations.
If the plan I propose is adopted, there will be a source of
permanent income to the State from goods and merchandise in
existence, and which are bound to continue to exist. Through a
process of checking control of what the manufacturer sells to the
dealer, and through reports by retailers of what they sell to the
consumers, the Government will know by the end of the year just
what income it will be sure of getting, and this amount it will be paid
irrespective of whether people are making big profits or not.
My plan would rectify the fundamental inequalities of our present
economic system, in which we follow a hit-or-miss method, one
getting much more than he needs or can use, and another less or
nothing. We should learn to use our material resources so that all
can partake of them, yet so that none will be any poorer or worse off
than today.
In our present haphazard organization, the product of the worker’s
toil continues to benefit and produce income for its owner long after
the one whose sweat created it has spent and exhausted the
meagre compensation he received for his labor.
The worker’s wages are exhausted in a week or a month in the
purchase of food, clothing and shelter. He has for himself little that is
permanent to show for his hours of toil, whereas the owner of the
building or machine which the worker’s labor helped to construct has
a unit of capital goods which will last for years or even decades. The
man who performed the work received as compensation only
enough to purchase comfort and sustenance for a short time, and he
must continue to labor if he wishes to go on living. The product of the
worker’s hand, however, is a semi-permanent thing and produces
income for its owner for an indefinite period of years. In the end, not
only is the original cost of production repaid and interest yield on the
investment, but far more besides. This very lasting quality of the
product of the worker’s toil results to his disadvantage, for a time
comes such as we are passing through today, when there is an
excess of capital goods and the worker is told: “We have enough
production of wealth; we are going to use up what we have and need
no more for the present. You laborer, go and find work elsewhere.
We do not need you now.”
And so the worker, whose sweat wrought this vast store of
material goods, suffers from poverty and want, while the country is
glutted with everything. My plan would correct this obviously
inequitable situation by arbitrarily limiting the return to capital, to a
stipulated period of years, after which the benefits would revert to the
people.
The situation in which the country now finds itself, in which there is
poverty amidst plenty, is well illustrated by the analogy of a great
giant standing in a pool of fresh water up to his lips, yet crying out
that he is thirsty because he is paralyzed and cannot stoop to drink.
His muscles must be enabled to relax, for him to bend down in order
that he may quench his thirst. So, too, the paralysis which prevents
our economic society from consuming the abundant supplies of raw
materials and manufactured commodities which glut our markets
must be cured before normal conditions can be restored.
Furniture and clothing and other commodities should have a span
of life, just as humans have. When used for their allotted time, they
should be retired, and replaced by fresh merchandise. It should be
the duty of the State as the regulator of business to see that the
system functions smoothly, deciding matters for capital and labor
and seeing that everybody is sufficiently employed. The Government
will have the power to extend the life of articles for a year or two
(upon agreed terms), if they are still usable after their allotted time
has expired and if employment can be maintained at a high peak
without their replacement.
If a machine has been functioning steadily for five years or so, it
can fairly be considered dead—dead to the one who paid his money
for it—because he has had all the use of it during those five years
and it will have paid for its life by its earnings in the five-year period.
Then it should go to the workmen, through the State; its life can be
prolonged if the factories are already busy and there are no
unemployed. But if by its replacement idle workers can be given jobs
and closed factories reopened, then this machine should be
destroyed and new (and probably improved) apparatus produced in
its place.
The original span of life of a commodity would be determined by
competent engineers, economists and mathematicians, specialists in
their fields, on behalf of the Government.
In the course of 30 years under this arrangement, most
construction and production would undergo a fundamental change
for the better, as old, dilapidated and obsolete buildings and
machines disappeared and new ones appeared in their place.
During this period some manufactured commodities would have
been destroyed and replaced 15 times, others 10 times, still others 5
times, etc., depending on the span of life allotted to each, in order for
it to earn sufficient for its purpose before it dies. We must work on
the principle of nature, which creates and destroys, and carries the
process of elimination and replacement through the ages. There
would be no overproduction, were this method adopted, for
production and consumption would be regularized and adjusted to
each other, and it would no longer be necessary to send our surplus
goods to find outlet in foreign markets. We would not then, as we do
today, have to sell these goods on credit and later have to beg for
our money, which in the long run foreign nations do not want to
repay anyway.
In the description of things under the present organization of
society, we continually make use of a system of weights and
measures. Thus, a commodity is evaluated in terms of size—shape,
weight, value, etc. The weights and measures we use are
standardized and regulated by the Government so that they may not
be violated. But, though we may not realize it, this system is
incomplete because in the description of things it omits consideration
of two elements which are equal in importance to those in everyday
use in determining real values. These are life and time, life with
respect to the commodity produced, and time, the period it should
last.
If we add the elements of life and time to our measurement of
what we produce, and say that the life of this automobile shall be not
more than 5 years, or the life of this building shall last not more than
25 years, then, with the addition of our customary measurement of
these commodities, we will have a really complete description of
them right from the beginning. And, when capital purchases the
automobile or the building, it will be doing so only for that limited
period of years, after which the remaining value left in the product
will revert to labor, which produced it in the first place, and which
thus will receive its rightful share in the end, even if it did not do so in
the beginning.
Miracles do not happen. They must be planned in order to occur.
Similarly in this time of economic crisis, we must work out our own
salvation.
If we can afford to sink ships, that cost millions of dollars to
construct, merely for the purpose of giving target practice to the
gunner, then surely we can afford to destroy other obsolete and
useless products in order to give work to millions and pull the country
out of the dire catastrophe in which it is now wallowing.
At the present time our country has plenty of everything, yet
people are in want because of a breakdown in distribution, an
inadequate division of the fruits of labor. Worn-out automobiles,
radios and hundreds of other items, which would long ago have been
discarded and replaced in more normal times, are being made to last
another season or two or three, because the public is afraid or has
not the funds to buy now. The Government should be enabled to
advance a sum of money to certain Trust Agencies to purchase part
of these obsolete buildings and machines and clothing. They should
be thrown into a junk pile, and money lent toward creating new
buildings, machines and commodities.
The State can lend money for the erection of new buildings at an
interest rate of no more than 2½ or 3 per cent. Suppose, though, that
new builders or owners of the buildings pay 5 or 5½ per cent
interest. Two and a half per cent of this would go to the Government
as interest and 2½ or 3 per cent for amortization or to a sinking fund,
out of which to pay back for the construction of the building within 25
or 30 years, computed on a basis of compound interest. At that time,
the building can be destroyed and a new one erected, with resultant
stimulus to employment. The original building in the intervening
years would have served its purpose and fairly repaid its owner.
Capital should be willing to invest its wealth on a 2½ or 3 per cent
interest basis under such circumstances, because the investment
will be safe, steady and permanent. In the present economic chaos,
investments at great interest rates are in jeopardy and, while at
present lenders are getting large returns for their money, their capital
is in constant danger of being wiped out altogether.
The tax-collecting machinery at present used by the Government
could readily be converted into the media for carrying into operation
the system here proposed. It could be used with the same force and
effect, and new laws passed concerning everything produced, just as
our present excise and tariff laws cover in their fixing of rates
thousands of individual items and categories. Such a means of
solving our economic problem could be brought into operation
quickly and in a few months the machinery of administration
perfected so that thousands of people could be put back to work
within a comparatively short time.
If this plan were in operation, speculators would not acquire
fortunes simply by manipulating and creating false values or
synthetic wealth. If it were decreed that the life of wheat were to be
no more than two years, for example, no man would buy the grain
solely for speculation, thus creating an artificial market and holding a
club over the farmer’s head, as today. He would not dare because he
would know that he would have to pay the Government a tax on the
wheat after it had lived its legal life and this would make it
unprofitable or at least highly dangerous to buy speculatively and
hold for the future.
The widespread suffering from unemployment and want in this
country today is a symptom of a fundamental maladjustment—a
sickness, if you like, in our body economic. Almost every sickness
can be cured, provided we get the right doctor to diagnose the case
and prescribe the proper medicine, but the patient must take the
medicine in order to get well. My plan is in essence a prescription for
the relief and cure of the ailments from which our economic
organization is today suffering.
Of course, the inauguration of such a system of planned
obsolescence will be opposed by many merely because it is new, for
it is hard for us to abandon our old notions and adjust ourselves to a
new way of thinking. Unlike most changes for the good of the
masses, however, this scheme need not involve much hardship,
strife or suffering. That is not necessary. With a reasonable amount
of common sense used, the plan ought gradually to work smoothly
without much loss to anybody. In war-time we conscript the flower of
our country’s manhood, and send them to the front to fight and often
be destroyed. If such drastic procedure is deemed wise and
necessary in the crisis of war, would it not be far more logical and
profitable in our present emergency to conscript the dead things—
material, not human—such as obsolete buildings, machinery and
outmoded commodities, and send them to the front to be destroyed
in the war against depression, thus saving the country from
economic chaos by providing work?
It is far cheaper to destroy useless and obsolete goods now, and
perhaps some of our synthetic wealth as well, than to risk destroying
far more priceless assets, such as human life, and undermining the
health and confidence of the people, by continuing to fight the
depression with our old, slow and costly methods.
Even in the present organization of our economic society, we
recognize in many instances the necessity of destroying some of our
wealth in order to increase it. For example, coal is wealth, but it is
burned up and destroyed daily in locomotives, furnaces and other
devices in order to create power to drive machinery and manufacture
goods. Similarly, oil is wealth, but to serve its purpose it must be
used and consumed in the engines of automobiles and the whirring
wheels of factories. Grain is wealth, but we destroy it by feeding it to
cattle, by consuming it ourselves, and by scattering it on the ground
as seed to produce more grain. It is by this process that people live,
function and create material goods.
Wealth may be compared to our language. Although we use our
language every day, it does not get used up. On the contrary, new
words and idioms are constantly being added to the national
vocabulary, and the language increases in usefulness the more it is
spoken, instead of deteriorating.
In olden times, only a few chosen ones, such as kings and priests
and nobles, could read and write. The rest of the people were kept in
ignorance and poverty. Today, with our standardized and simplified
grammar and our mass education, the benefits of literacy are
available to everybody, to rich and poor alike.
Such a condition should exist also with respect to the enjoyment of
wealth. A minimum standard should be created for everyone, and
rich and poor, old and young should participate in its benefits, and
profit from its use and management.
Our economic society has advanced little from Medieval times in
the distribution of our wealth. We still continue on the basis of our old
theories and notions that only the chosen ones should enjoy it.
There is as much wealth in existence as there is time, but people
do not visualize it. Wealth, like food, must be digested for human
beings to be able to live, function and create—in other words, to
produce more wealth. If we want to acquire new wealth, the supply
lines must be drained so that fresh commodities can come in. If there
are stale goods left in the lines, the fresh supply must force them out.
The cause of our present stagnation is that the supply line or
arteries furnishing the needs of the country are clogged with
obsolete, outworn and outmoded machinery, buildings and
commodities of all kinds. These are obstructing the avenues of
commerce and industry and are preventing new products from
coming through. There is little demand for new goods when people
make their old and worn-out things do, by keeping them longer than
they should.
We need to apply better managerial foresight to public affairs. I
contend that any business or corporation, public or private, which
operates and expects to get an income of several billions of dollars a
year from its operations, deserves much attention, and requires
thoughtful planning, in order to perfect the machinery of its
organization. The aim should be to make it function smoothly in
order to satisfy the self-supporting multitudes, by providing them with
regular employment at a living wage which will assure the American
standard of living.
Such a socially responsible system, which is anxious for the well-
being of all of its citizens, is on a vastly sounder and more
permanent basis than one which allows business merely to take out
profits without improving the organization with new methods and
without renewing the equipment.
I maintain that with wealth should go responsibility. Too many
nowadays regard wealth as a license to freedom and immunity from
obligation to the people. Such irresponsible possessors of wealth are
shirkers, who tend to make all of us poorer.
Summarizing the benefits which would accrue to this nation and to
the world at large if my plan were adopted and put into effect, it
would:
1. Bring order out of the chaos now disrupting the whole
economic and social organization.
2. Organize and regularize opportunities for
employment.
3. Obviate the tremendous social waste of making no
use of the workpower of millions of men and women (who
are compelled to stay idle). In this connection, it is
significant to note that “the cost of the present depression
will very probably exceed 50 billions of dollars” (a
staggering amount), according to Malcolm C. Rorty,
business executive and statistician, writing in a recent
issue of the Harvard Business Review.
4. My plan would take Government finances out of their
present speculative status and would put Government
income on a more stable basis, by receiving annually at
least between 25 and 50 per cent of the net income of all
the buildings, machinery and other commodities which
have been declared obsolete after their allotted time, and
nevertheless allowed to function longer in the event there
is ample employment.

  • 5. Programming NET Security 1st Edition Adam Freeman Digital Instant Download Author(s): AdamFreeman, Allen Jones ISBN(s): 9780596004422, 0596004427 Edition: 1 File Details: PDF, 20.65 MB Year: 2003 Language: english
  • 6. [ Team LiB ] • Table of Contents • Index • Reviews • Reader Reviews • Errata Programming .NET Security ByAdam Freeman,Allen Jones Publisher: O'Reilly Pub Date: June 2003 ISBN: 0-596-00442-7 Pages: 714 With the spread of web-enabled desktop clients and web-server based applications, developers can no longer afford to treat security as an afterthought. It's one topic, in fact, that .NET forces you to address, since Microsoft has placed security-related features at the core of the .NET Framework. Yet, because a developer's carelessness or lack of experience can still allow a program to be used in an unintended way, Programming .NET Security shows you how the various tools will help you write secure applications. [ Team LiB ]
  • 7. [ Team LiB ] • Table of Contents • Index • Reviews • Reader Reviews • Errata Programming .NET Security ByAdam Freeman,Allen Jones Publisher: O'Reilly Pub Date: June 2003 ISBN: 0-596-00442-7 Pages: 714 With the spread of web-enabled desktop clients and web-server based applications, developers can no longer afford to treat security as an afterthought. It's one topic, in fact, that .NET forces you to address, since Microsoft has placed security-related features at the core of the .NET Framework. Yet, because a developer's carelessness or lack of experience can still allow a program to be used in an unintended way, Programming .NET Security shows you how the various tools will help you write secure applications. [ Team LiB ] [ Team LiB ] • Table of Contents • Index • Reviews • Reader Reviews • Errata Programming .NET Security ByAdam Freeman,Allen Jones Publisher: O'Reilly Pub Date: June 2003 ISBN: 0-596-00442-7 Pages: 714 Copyright Dedication Preface How This Book Is Organized Who Should Read This Book Assumptions This Book Makes Conventions Used in This Book How to Contact Us Part I: Fundamentals Chapter 1. Security Fundamentals Section 1.1. The Need for Security Section 1.2. Roles in Security Section 1.3. Understanding Software Security Section 1.4. End-to-End Security Chapter 2. Assemblies Section 2.1. Assemblies Explained Section 2.2. Creating Assemblies Section 2.3. Shared Assemblies Section 2.4. Strong Names Section 2.5. Publisher Certificates
  Section 2.6. Decompiling Explained
Chapter 3. Application Domains
  Section 3.1. Application Domains Explained
Chapter 4. The Lifetime of a Secure Application
  Section 4.1. Designing a Secure .NET Application
  Section 4.2. Developing a Secure .NET Application
  Section 4.3. Security Testing a .NET Application
  Section 4.4. Deploying a .NET Application
  Section 4.5. Executing a .NET Application
  Section 4.6. Monitoring a .NET Application

Part II: .NET Security
Chapter 5. Introduction to Runtime Security
  Section 5.1. Runtime Security Explained
  Section 5.2. Introducing Role-Based Security
  Section 5.3. Introducing Code-Access Security
  Section 5.4. Introducing Isolated Storage
Chapter 6. Evidence and Code Identity
  Section 6.1. Evidence Explained
  Section 6.2. Programming Evidence
  Section 6.3. Extending the .NET Framework
Chapter 7. Permissions
  Section 7.1. Permissions Explained
  Section 7.2. Programming Code-Access Security
  Section 7.3. Extending the .NET Framework
Chapter 8. Security Policy
  Section 8.1. Security Policy Explained
  Section 8.2. Programming Security Policy
  Section 8.3. Extending the .NET Framework
Chapter 9. Administering Code-Access Security
  Section 9.1. Default Security Policy
  Section 9.2. Inspecting Declarative Security Statements
  Section 9.3. Using the .NET Framework Configuration Tool
  Section 9.4. Using the Code-Access Security Policy Tool
Chapter 10. Role-Based Security
  Section 10.1. Role-Based Security Explained
  Section 10.2. Programming Role-Based Security
Chapter 11. Isolated Storage
  Section 11.1. Isolated Storage Explained
  Section 11.2. Programming Isolated Storage
  Section 11.3. Administering Isolated Storage
Part III: .NET Cryptography
Chapter 12. Introduction to Cryptography
  Section 12.1. Cryptography Explained
  Section 12.2. Cryptography Is Key Management
  Section 12.3. Cryptographic Attacks
Chapter 13. Hashing Algorithms
  Section 13.1. Hashing Algorithms Explained
  Section 13.2. Programming Hashing Algorithms
  Section 13.3. Keyed Hashing Algorithms Explained
  Section 13.4. Programming Keyed Hashing Algorithms
  Section 13.5. Extending the .NET Framework
Chapter 14. Symmetric Encryption
  Section 14.1. Encryption Revisited
  Section 14.2. Symmetric Encryption Explained
  Section 14.3. Programming Symmetrical Encryption
  Section 14.4. Extending the .NET Framework
Chapter 15. Asymmetric Encryption
  Section 15.1. Asymmetric Encryption Explained
  Section 15.2. Programming Asymmetrical Encryption
  Section 15.3. Extending the .NET Framework
Chapter 16. Digital Signatures
  Section 16.1. Digital Signatures Explained
  Section 16.2. Programming Digital Signatures
  Section 16.3. Programming XML Signatures
  Section 16.4. Extending the .NET Framework
Chapter 17. Cryptographic Keys
  Section 17.1. Cryptographic Keys Explained
  Section 17.2. Programming Cryptographic Keys
  Section 17.3. Extending the .NET Framework

Part IV: .NET Application Frameworks
Chapter 18. ASP.NET Application Security
  Section 18.1. ASP.NET Security Explained
  Section 18.2. Configuring the ASP.NET Worker Process Identity
  Section 18.3. Authentication
  Section 18.4. Authorization
  Section 18.5. Impersonation
  Section 18.6. ASP.NET and Code-Access Security
Chapter 19. COM+ Security
  Section 19.1. COM+ Security Explained
  Section 19.2. Programming COM+ Security
  Section 19.3. Administering COM+ Security
Chapter 20. The Event Log Service
  Section 20.1. The Event Log Service Explained
  Section 20.2. Programming the Event Log Service

Part V: API Quick Reference
Chapter 21. How to Use This Quick Reference
  Section 21.1. Finding a Quick-Reference Entry
  Section 21.2. Reading a Quick-Reference Entry
Chapter 22. Converting from C# to VB Syntax
  Section 22.1. General Considerations
  Section 22.2. Classes
  Section 22.3. Structures
  Section 22.4. Interfaces
  Section 22.5. Class, Structure, and Interface Members
  Section 22.6. Delegates
  Section 22.7. Enumerations
Chapter 23. The System.Security Namespace
  AllowPartiallyTrustedCallersAttribute
  CodeAccessPermission
  IEvidenceFactory
  IPermission
  ISecurityEncodable
  ISecurityPolicyEncodable
  IStackWalk
  NamedPermissionSet
  PermissionSet
  PolicyLevelType
  SecurityElement
  SecurityException
  SecurityManager
  SecurityZone
  SuppressUnmanagedCodeSecurityAttribute
  UnverifiableCodeAttribute
  VerificationException
  XmlSyntaxException
Chapter 24. The System.Security.Cryptography Namespace
  AsymmetricAlgorithm
  AsymmetricKeyExchangeDeformatter
  AsymmetricKeyExchangeFormatter
  AsymmetricSignatureDeformatter
  AsymmetricSignatureFormatter
  CipherMode
  CryptoAPITransform
  CryptoConfig
  CryptographicException
  CryptographicUnexpectedOperationException
  CryptoStream
  CryptoStreamMode
  CspParameters
  CspProviderFlags
  DeriveBytes
  DES
  DESCryptoServiceProvider
  DSA
  DSACryptoServiceProvider
  DSAParameters
  DSASignatureDeformatter
  DSASignatureFormatter
  FromBase64Transform
  FromBase64TransformMode
  HashAlgorithm
  HMACSHA1
  ICryptoTransform
  KeyedHashAlgorithm
  KeySizes
  MACTripleDES
  MaskGenerationMethod
  MD5
  MD5CryptoServiceProvider
  PaddingMode
  PasswordDeriveBytes
  PKCS1MaskGenerationMethod
  RandomNumberGenerator
  RC2
  RC2CryptoServiceProvider
  Rijndael
  RijndaelManaged
  RNGCryptoServiceProvider
  RSA
  RSACryptoServiceProvider
  RSAOAEPKeyExchangeDeformatter
  RSAOAEPKeyExchangeFormatter
  RSAParameters
  RSAPKCS1KeyExchangeDeformatter
  RSAPKCS1KeyExchangeFormatter
  RSAPKCS1SignatureDeformatter
  RSAPKCS1SignatureFormatter
  SHA1
  SHA1CryptoServiceProvider
  SHA1Managed
  SHA256
  SHA256Managed
  SHA384
  SHA384Managed
  SHA512
  SHA512Managed
  SignatureDescription
  SymmetricAlgorithm
  ToBase64Transform
  TripleDES
  TripleDESCryptoServiceProvider
Chapter 25. The System.Security.Cryptography.X509Certificates Namespace
  X509Certificate
  X509CertificateCollection
  X509CertificateCollection.X509CertificateEnumerator
Chapter 26. The System.Security.Cryptography.Xml Namespace
  DataObject
  DSAKeyValue
  KeyInfo
  KeyInfoClause
  KeyInfoName
  KeyInfoNode
  KeyInfoRetrievalMethod
  KeyInfoX509Data
  Reference
  RSAKeyValue
  Signature
  SignedInfo
  SignedXml
  Transform
  TransformChain
  XmlDsigBase64Transform
  XmlDsigC14NTransform
  XmlDsigC14NWithCommentsTransform
  XmlDsigEnvelopedSignatureTransform
  XmlDsigXPathTransform
  XmlDsigXsltTransform
Chapter 27. The System.Security.Permissions Namespace
  CodeAccessSecurityAttribute
  EnvironmentPermission
  EnvironmentPermissionAccess
  EnvironmentPermissionAttribute
  FileDialogPermission
  FileDialogPermissionAccess
  FileDialogPermissionAttribute
  FileIOPermission
  FileIOPermissionAccess
  FileIOPermissionAttribute
  IsolatedStorageContainment
  IsolatedStorageFilePermission
  IsolatedStorageFilePermissionAttribute
  IsolatedStoragePermission
  IsolatedStoragePermissionAttribute
  IUnrestrictedPermission
  PermissionSetAttribute
  PermissionState
  PrincipalPermission
  PrincipalPermissionAttribute
  PublisherIdentityPermission
  PublisherIdentityPermissionAttribute
  ReflectionPermission
  ReflectionPermissionAttribute
  ReflectionPermissionFlag
  RegistryPermission
  RegistryPermissionAccess
  RegistryPermissionAttribute
  ResourcePermissionBase
  ResourcePermissionBaseEntry
  SecurityAction
  SecurityAttribute
  SecurityPermission
  SecurityPermissionAttribute
  SecurityPermissionFlag
  SiteIdentityPermission
  SiteIdentityPermissionAttribute
  StrongNameIdentityPermission
  StrongNameIdentityPermissionAttribute
  StrongNamePublicKeyBlob
  UIPermission
  UIPermissionAttribute
  UIPermissionClipboard
  UIPermissionWindow
  UrlIdentityPermission
  UrlIdentityPermissionAttribute
  ZoneIdentityPermission
  ZoneIdentityPermissionAttribute
Chapter 28. The System.Security.Policy Namespace
  AllMembershipCondition
  ApplicationDirectory
  ApplicationDirectoryMembershipCondition
  CodeGroup
  Evidence
  FileCodeGroup
  FirstMatchCodeGroup
  Hash
  HashMembershipCondition
  IIdentityPermissionFactory
  IMembershipCondition
  NetCodeGroup
  PermissionRequestEvidence
  PolicyException
  PolicyLevel
  PolicyStatement
  PolicyStatementAttribute
  Publisher
  PublisherMembershipCondition
  Site
  SiteMembershipCondition
  StrongName
  StrongNameMembershipCondition
  UnionCodeGroup
  Url
  UrlMembershipCondition
  Zone
  ZoneMembershipCondition
Chapter 29. The System.Security.Principal Namespace
  GenericIdentity
  GenericPrincipal
  IIdentity
  IPrincipal
  PrincipalPolicy
  WindowsAccountType
  WindowsBuiltInRole
  WindowsIdentity
  WindowsImpersonationContext
  WindowsPrincipal

Colophon
Index
Copyright

Copyright © 2003 O'Reilly & Associates, Inc. Printed in the United States of America.

Published by O'Reilly & Associates, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472.

O'Reilly & Associates books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (http://safari.oreilly.com). For more information, contact our corporate/institutional sales department: (800) 998-9938 or corporate@oreilly.com.

Nutshell Handbook, the Nutshell Handbook logo, and the O'Reilly logo are registered trademarks of O'Reilly & Associates, Inc. Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and O'Reilly & Associates, Inc. was aware of a trademark claim, the designations have been printed in caps or initial caps. Microsoft, the .NET logo, Visual Basic .NET, Visual Studio .NET, ADO.NET, Windows, and Windows 2000 are registered trademarks of the Microsoft Corporation. The association between the Smoothhound shark and the topic of .NET security is a trademark of O'Reilly & Associates, Inc.

While every precaution has been taken in the preparation of this book, the publisher and authors assume no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein.
Dedication

Dedicated with love to Jacqui. She deserves a dedication to herself for a change.
—Adam Freeman

For my wife Elena and my daughter Anya. I love you both.
—Allen Jones
Preface

The .NET Framework is a flexible general-purpose computing platform designed to address the needs of commercial organizations and individuals alike, and to support a variety of application models. .NET supports recent trends that favor highly distributed systems, component-based applications, and web-based server solutions (including XML web services). Although these trends have led to improvements in application functionality and programmer productivity, they also require that software consumers, producers, and service providers pay closer attention to software and system security.

Traditionally, programmers have treated security as an afterthought; however, there is a growing appreciation that security is a requirement, not an option, for contemporary applications and that security should be integrated into their development. The simple fact is that you cannot ignore security when developing a .NET application, because security is at the core of the .NET Framework and implicit in applications that you write. You must understand how to program .NET security, if for no other reason than to respond to the default actions of the .NET Framework, but more importantly, to create effective and functional .NET applications that will be welcomed by their users.
How This Book Is Organized

This book is divided into five parts. Part I discusses fundamental software security concepts. Part II focuses on programming the security features of the .NET runtime. Part III covers the programmatic use of the cryptography classes contained in the .NET class library. Part IV discusses the use of security features more related to the platform on which your applications run. Finally, Part V contains an API reference covering the security classes we discuss in this book.

Part I: Fundamentals

Chapter 1
Introduces some fundamental software security concepts that you should understand before continuing to later chapters. Explains why there is a need for security, discusses the goal of software security, and introduces some important topics that you should be aware of as you begin to develop your own security programming skills.

Chapter 2
Provides an overview of the .NET assembly, which is a key component in .NET security. Describes the structure and contents of an assembly, demonstrates how to create the different types of assembly, and discusses protecting your assemblies from tampering and reverse engineering.

Chapter 3
Explains the role of application domains and discusses the effect they have on application isolation, security, and configuration.

Chapter 4
Discusses the way in which software security is integrated into the application lifetime, and provides practical advice that will help you understand the content contained in later chapters.

Part II: .NET Security

Chapter 5
Introduces the key security features provided by the .NET runtime. Explains the purpose and function of these security features, how they interact with each other, and their relationship with the security provided by the underlying operating system.

Chapter 6
Explains what evidence is and where it comes from, and describes the purpose and use of the different types of evidence, including the standard evidence classes provided with the .NET Framework. Demonstrates how to use evidence programmatically and how to extend the security capabilities of the .NET Framework by developing custom evidence classes.

Chapter 7
Explains what permissions are and discusses their role in the implementation of code-access security. Describes the mechanisms that the runtime uses to enforce code-level security, and explains how you can use permissions to manipulate these mechanisms. Finally, this chapter shows you how to extend code-access security by implementing your own custom permissions.

Chapter 8
Explains how the .NET runtime uses security policy to determine which permissions to grant to an assembly or application domain. Describes the structure of security policy and explains how the component elements interact at runtime. Explains how to manipulate security policy programmatically, and demonstrates the use of application domain policy.

Chapter 9
Outlines the default security policy implemented by the .NET Framework, and discusses the use of the .NET security tools to manage security policy.

Chapter 10
Explains what role-based security is and discusses the .NET Framework's implementation. Describes the classes used to access role-based security, and demonstrates how to use them in your programs.

Chapter 11
Describes what isolated storage is and explains where it provides benefits over existing data storage options. Demonstrates how to use isolated storage in your own programs, as well as how to administer and control access to it.

Part III: .NET Cryptography

Chapter 12
Provides an overview of the different aspects of cryptography and discusses some of the dangers and limitations of which you should be aware.

Chapter 13
Examines hash codes in more depth and shows you how to create and validate hash codes using the .NET Framework classes. Extends the .NET Framework by adding a new hashing algorithm.

Chapter 14
Discusses how to achieve confidentiality with symmetric data encryption, and how to encrypt and decrypt data using the .NET Framework. Shows you how to extend the .NET Framework by adding a new symmetric encryption algorithm.

Chapter 15
Discusses asymmetric encryption, explaining what it is, how it works, and how it overcomes the problem of exchanging secret keys. Demonstrates how to extend the .NET Framework by adding a new asymmetric encryption algorithm.

Chapter 16
Explains what digital signatures are, how they work, and how to use them within your .NET applications. Demonstrates how to extend the .NET Framework by adding support for a custom digital signatures algorithm.

Chapter 17
Discusses the way in which the .NET Framework supports cryptographic keys. Explains the importance of keys, and the decisions you must make in deciding how you will create them.

Part IV: .NET Application Frameworks

Chapter 18
Introduces the features you can use to increase the security of your ASP.NET applications. Discusses the overall issue of ASP.NET application security, and the mechanisms the .NET Framework implements to provide authentication, authorization, and impersonation services to ASP.NET applications.

Chapter 19
Discusses the COM+ security services, and explains how you can apply them to your COM+ components.

Chapter 20
Describes how to use the Windows Event Logging Service from your .NET applications in order to audit Windows security events.

Part V: API Quick Reference

Part V contains a comprehensive API reference covering the following security-related namespaces of the .NET Framework base class library:

System.Security
System.Security.Cryptography
System.Security.Cryptography.X509Certificates
System.Security.Cryptography.Xml
System.Security.Permissions
System.Security.Policy
System.Security.Principal
Who Should Read This Book

Programming .NET Security was written for two groups of people. First, we wrote for the architects and designers of .NET applications who must understand the capabilities and limitations of .NET security to factor them into their designs and plans. Each chapter in Parts II, III, and IV begins with a detailed discussion that describes the technology but does not go to the level of discussing individual classes and methods.

Second, we wrote for all C# and Visual Basic .NET programmers who want to know how to use the features of the .NET Framework to write more secure applications. Following a technical introduction, each chapter in Parts II, III, and IV contains a detailed explanation of how to program the features of the .NET Framework being discussed; numerous code samples accompany these sections to clarify the points being made. Specifically for advanced programmers, our discussions of code-access security and cryptography contain fully worked examples on how to extend the .NET Framework security mechanisms.
Assumptions This Book Makes

This book is focused on .NET Framework security programming; we assume no prior exposure to the .NET security classes, but expect the reader to have basic experience as a competent C# or Visual Basic .NET programmer.

In Part IV of this book, we discuss the interaction of .NET application security with features and security capabilities of the Windows platform and other external services. In these chapters, we expect the reader to be familiar with the external technologies, and focus only on the aspect of security programming.
Conventions Used in This Book

The following font conventions are used throughout this book:

Italic is used for:
  Pathnames, filenames, and program names
  Internet addresses, such as domain names and URLs
  New terms where they are defined

Constant Width is used for:
  Command lines and options that should be typed verbatim
  Names and keywords in program examples, including method names, variable names, and class names

Constant Width Bold is used for:
  Emphasis within program code

This icon designates a note, which is an important aside to the nearby text.

This icon designates a warning relating to the nearby text.
How to Contact Us

We have tested and verified the information in this book to the best of our ability, but you may find that features have changed (or even that we have made mistakes!). Please let us know about any errors you find, as well as your suggestions for future editions, by writing to:

O'Reilly & Associates, Inc.
1005 Gravenstein Highway North
Sebastopol, CA 95472
(800) 998-9938 (in the U.S. or Canada)
(707) 829-0515 (international/local)
(707) 829-0104 (fax)

There is a web page for the book that lists errata, examples, or any additional information. You can access this page at:

http://www.oreilly.com/catalog/prognetsec

To comment or ask technical questions about this book, send email to:

bookquestions@oreilly.com

For more information about books, conferences, Resource Centers, and the O'Reilly Network, see the O'Reilly web site:

http://www.oreilly.com
Part I: Fundamentals

Discusses the need for security and the approaches to adopt when developing secure software. These chapters also discuss assemblies and application domains—two fundamental building blocks of .NET applications that play a crucial role in the creation of secure software:

Chapter 1
Chapter 2
Chapter 3
Chapter 4
Chapter 1. Security Fundamentals

This chapter introduces the fundamental software security concepts that you need to understand before continuing to later chapters. We explain why there is a need for security, and the roles that are important to the development and operation of software security policies. We also discuss the goals of software security and introduce some important concepts that you should understand as you develop your own security programming skills.
1.1 The Need for Security

Only a few years ago, software applications tended to be isolated. Users of these applications were required to present themselves in a known location (for example, a bank branch or office block) that was protected by physical barriers to access such as locks, surveillance cameras, and security guards. Attacks against such software systems were fewer than are experienced today, in part because gaining access to such a location presented a barrier that many found insurmountable.

The increased connectivity and prevalence of networked applications has removed the insurmountable barrier presented by physical security, and it is not only the networked applications themselves that are at risk. Increasingly, software systems control access to valuable physical resources (for example, banking software can be used to credit or debit a customer account). Subverting or compromising the software system may be the simplest way to gain access to the physical resource; for example, it may be easier to break into the banking application and create fictitious transactions than it is to crack open the bank vault.
Today, a talented 15-year-old Italian schoolboy, who would be unable to get past a company security guard, might, for personal amusement, be able to convince a networked application that he is a 37-year-old trusted employee from Alabama. More serious, however, is the increase in software hacking for criminal reasons, either to steal intellectual property or, more commonly, to steal information that can be sold to other criminals, such as lists of credit card numbers. In short, the world has become more hostile towards software.

In light of recent changes to social and political attitudes to security, it should be no surprise that the public has an increased expectation that software will be secure. The kinds of security that we discuss in this book can provide some protection against the increased frequency and sophistication of attempts to subvert applications. However, security has also become a tool to promote the sale of software, and claims of "unbreakable" security are now commonplace. The effective use of software security has fallen behind the ideal that is portrayed by marketing departments. Another purpose of this book is to close the gap between the perception and the reality, and to demonstrate how you can increase the security of your applications through the careful application of tried-and-tested technologies.
1.2 Roles in Security

In a normal software development project, there are many people who influence software security. People often look at software security from different perspectives and hope to gain different results from its implementation; these are often at odds with the goals of others. In this section, we describe the most common roles, and explain the motivations and goals of those who hold them. The content of this book is aimed at the technical reader, but it is important that you appreciate the complete set of influences that shape the need for and implementation of software security. See Chapter 4 for a more detailed examination of some of these roles and the way they influence the life cycle of an application.

1.2.1 The Business Sponsor

The business sponsor is responsible for commissioning a software development project, and usually owns the problem that the application is intended to solve. The role of the business sponsor, and his expectations of software security, varies depending on the nature of the business and the purpose of the software.
The business sponsor typically lacks technical expertise, but controls the development budget and may support the implementation of software security for the following reasons:

- Security is a known requirement of the system's users.
- Legislation dictates that the software must implement certain security measures.
- Security features are necessary to compete with other products and look good on marketing material.

Lacking formal requirements, the business sponsor will often have opinions to offer on the importance and implementation of software security. These opinions may or may not be in line with the real requirements of the project. Business sponsors are often the biggest source of tension on a project when it comes to the correct application of security. As you will see throughout this book, software security can be applied only after a careful assessment of the application requirements; however, the business sponsor often wants to bring the application into production as quickly as possible, and this creates a tension between the careful application of a planned security policy and the business requirement that the application ship quickly.

1.2.2 The Architect

The project architect is responsible for the overall design of the application, ensuring that the planned development will meet the business and technical goals that have been specified by the business sponsor. The architect is ideally placed to assess the security needs of the application and to formulate the security policy that will be implemented by the programmers.
1.2.3 The Programmer

The programmer is responsible for implementing the application design produced by the architect and for meeting the software security goals specified in the design. The programmer must have a firm understanding of the security features provided by the development platform in use, and must be trusted to implement the security policy completely and without modification.

1.2.4 The Security Tester

The security tester does not perform the same role as an ordinary application tester. A normal tester creates test scenarios that ensure that the planned functionality works as expected, by simulating the actions of a user. By contrast, the security tester simulates the actions of a hacker, in order to uncover behaviors that would circumvent the software security measures. Security testing is an underrated and underemployed activity, but is vital in validating the security measures designed by the architect and implemented by the programmer.
1.2.5 The System Administrator

The system administrator is responsible for installing, configuring, and managing the application; these tasks require a good understanding of general security issues, and an appreciation of the security features provided by the development platform and the application itself. One of the most important aspects of system administration is application monitoring. Well-designed applications provide system administrators with information about potential security breaches, and it is the responsibility of the system administrator to monitor for such information and to formulate a response plan in the event that the security of an application is subverted.

1.2.6 The User

The user is the final consumer of the functionality provided by the application, and is often required to interact with its software security measures, for example, by entering a username and password to gain access to its functionality. The users of an application create their own tensions against the security policy; their expectations that the software system will protect them are high, but their willingness to be constrained by intrusive security measures is limited. For example, retail customers expect that a software system will conceal their credit card numbers from unauthorized third parties and protect their accounts from unauthorized changes. However, the same users will resist taking any responsibility for their own security, for example, by remembering and specifying a PIN code when they purchase goods. Successful security policies take into account the users' attitudes, and do not force them to accept security demands that they cannot or will not adhere to. Unsuccessful security policies do not take into account the needs of the user, for example, requiring users to remember long and difficult passwords that are frequently changed.
In such circumstances, users will simply write the password down on a piece of paper and thereby negate all of the effort made during the development process.

1.2.7 The Hacker/Cracker

The final role is the cracker, more popularly known as a hacker. The hacker attempts to circumvent or subvert software security for financial gain or perhaps to rise to a perceived intellectual challenge. The hacker is the person whom security measures are meant to foil, but the label does not accurately describe the range of people who will attack software security systems. Throughout this book, we detail a number of specific security systems and explain the type of attack against which each is intended to protect.
1.3 Understanding Software Security

There are two kinds of assets that software security sets out to protect: restricted resources and secrets. In this section, we provide an overview of these important categories, which we build on throughout the rest of the book.

1.3.1 Restricted Resources

A restricted resource is any object, feature, or function of your application (or of any software or hardware that your application depends on) that you do not wish to be used or accessed by unauthorized people. This is a very broad definition, but casting our net this wide allows us to demonstrate the common solution to a wide range of closely related issues; the following list describes some restricted resources that you may encounter:

Disk files: The most commonly encountered restricted resource is the disk file. For example, by default, the Windows operating system allows users to access their own files, but not the files of other users or disk files used by the operating system itself. Users are restricted from accessing files that they have not created.

Software functions: One of the most familiar restricted resources for you is the software function that should not be available to all users of the application or service.
For example, the accounts clerk in a bank should not be able to authorize mortgage loans; such activities are restricted to qualified loan officers.

Hardware resources: Software security is often used to restrict access to important hardware resources, such as a high-quality color printer. Ordinary users are restricted to printing their documents in monochrome, while the sales staff prints customer presentations in color.

External services: Increasingly, software security restrictions are applied to external services that have no tangible physical attributes, but affect a company either by incurring a direct financial cost or by distracting staff from their duties. Examples of such services are Internet access, personal emails, and international telephone calls. Access to these services is restricted to those who need them to do their jobs.

1.3.2 Trust

In terms of software security, when we trust someone, we grant that person access to one or more restricted resources; for example, we trust our bank loan officer to approve mortgage loans in a responsible way and grant the officer access to the software features for loan approval. The first step in managing trust is to establish identity, which is the means that a system uses to uniquely differentiate between users. The complexity of the identities used by an application is influenced by the number of users that need identification; if there are small numbers of users, then identities as simple as "Alice" and "Bob" may be sufficient to uniquely identify each person.
By contrast, providing unique identification for thousands or millions of people may require more complex identities, for example, social security numbers.

You use authentication to ensure that you have correctly established the identity of a user. If you wish to restrict access to a valuable resource, you cannot take a statement of identity by a user at face value. Consider the ramifications if your bank believed a claim by you that you were "Bill Gates" and granted you access to his deposits. The most common form of authentication requires a user to provide a username and a password to access an application; the username represents the stated user identity and the password is a secret known only to the user (see the next section for information about secrets). We expect that others who might wish to assume this identity will not know the secret password and therefore won't pass the authentication process.

Once you have authenticated and identified a user, you authorize the user to access one or more restricted resources.
The resources to which a user is granted access depend on the level of trust granted by the application; the level of trust is typically determined by the nature of the tasks that a user will undertake. For example, you might grant a user access to a disk file containing details of a new product because that user is employed as a product development engineer, and the contents of that file are required by the user to discharge her duties.

The process of establishing and authenticating an identity, and authorizing access to resources based on that identity, is illustrated in Figure 1-1. This process is at the heart of software security, and many applications and systems that may appear to work in radically different ways implement this common approach.

Figure 1-1. The process of granting access to restricted resources

See Chapter 5 for an introduction to the way in which .NET defines and supports restricted resources, and Chapter 6 through Chapter 10 for detailed coverage on how to apply .NET security to your application projects.

1.3.3 Secrets

A secret is any data created or processed by your application that you do not wish to be publicly known. Examples of secrets include the credit card numbers of your clients, and passwords your users enter to authenticate their identities for your application. Secrets are the counterpart to restricted resources. While a restricted resource often represents the ability to perform an action (such as approving a mortgage or printing a color document), a secret typically embodies the data
the resource will process (such as the financial details of a customer or the secret marketing plan).

1.3.3.1 The lifetime of secrets

It is important to consider each type of secret that you work with and assess how long it needs to remain a secret; for example, a customer credit card number needs to be protected only until the card expires, after which the information you hold on file cannot be used to purchase goods. Treat that as an upper bound rather than a rule: a replacement card frequently keeps the same card number with a new expiry date, so an expired number on file may still identify a live account. By contrast, some secrets must be protected forever, such as medical histories.

One mistake that is frequently made is considering the lifetime of a secret in isolation from the real world. For example, you may choose to protect a user's secret password only until it is changed, perhaps as part of a process where a password is valid for a fixed period. The problem that this presents is that users will often change a password back to its original value as soon as they can, which means that a hacker could access your application if your list of expired passwords were allowed to become public. When you assess the lifetime of a secret, consider that the data itself may have value if it persists outside the application.
1.3.3.2 Protecting secrets

Secrets are typically protected with cryptography, which is the subject of Part III. Cryptography uses mathematical algorithms to encrypt secrets, and the choice of algorithm and key size depends on the length of time the data needs protection, which is, in turn, influenced by the lifetime of the secret. See Chapter 12 for an introduction to cryptography, and Chapter 13 through Chapter 17 for in-depth coverage of how the .NET Framework supports cryptographic techniques.
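The identify, authenticate, authorize sequence of Figure 1-1, with the user's password held as a protected secret and mortgage approval treated as a restricted function, as an added C# example; this is not code from the book. The user names, roles, passwords and the dummy credential are constructed for illustration, and PBKDF2 via Rfc2898DeriveBytes stands in for the cryptography that Part III covers in detail.

```csharp
// Added example (not from the book): the identify -> authenticate -> authorize
// flow of Figure 1-1. The password (a secret) is stored as a salted PBKDF2 hash,
// and loan approval (a restricted resource) is gated on the caller's role.
// User names, roles and passwords below are constructed sample data.
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

public sealed class Credential
{
    public byte[] Salt { get; }
    public byte[] Hash { get; }
    public int Iterations { get; }

    public Credential(byte[] salt, byte[] hash, int iterations)
    {
        Salt = salt; Hash = hash; Iterations = iterations;
    }
}

public static class Passwords
{
    const int SaltBytes = 16, HashBytes = 32, DefaultIterations = 100_000;

    static byte[] Derive(string password, byte[] salt, int iterations)
    {
        // PBKDF2-HMAC-SHA256: the salt makes equal passwords hash differently,
        // and the iteration count slows offline guessing if the hash leaks.
        using (var kdf = new Rfc2898DeriveBytes(password, salt, iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(HashBytes);
    }

    public static Credential Create(string password)
    {
        var salt = new byte[SaltBytes];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        return new Credential(salt, Derive(password, salt, DefaultIterations), DefaultIterations);
    }

    public static bool Verify(string password, Credential stored)
    {
        byte[] candidate = Derive(password, stored.Salt, stored.Iterations);
        // Compare every byte whatever the first mismatch position, so the response
        // time does not reveal how much of the hash matched (see Section 1.4.2).
        int diff = candidate.Length ^ stored.Hash.Length;
        for (int i = 0; i < candidate.Length && i < stored.Hash.Length; i++)
            diff |= candidate[i] ^ stored.Hash[i];
        return diff == 0;
    }
}

public static class Bank
{
    // Identity store: user name -> stored credential (constructed sample data).
    static readonly Dictionary<string, Credential> Users = new Dictionary<string, Credential>
    {
        ["alice"] = Passwords.Create("correct horse battery staple"),
        ["bob"]   = Passwords.Create("hunter2"),
    };

    // Trust store: user name -> roles the business has granted.
    static readonly Dictionary<string, HashSet<string>> Roles = new Dictionary<string, HashSet<string>>
    {
        ["alice"] = new HashSet<string> { "LoanOfficer" },
        ["bob"]   = new HashSet<string> { "AccountsClerk" },
    };

    // Verified against for unknown names so that the KDF always runs once,
    // keeping the timing of "no such user" the same as "wrong password".
    static readonly Credential Dummy = Passwords.Create("placeholder, never accepted");

    // Steps 1 and 2: the stated identity is only a claim until the secret checks out.
    public static bool Authenticate(string userName, string password)
    {
        Credential cred;
        if (!Users.TryGetValue(userName, out cred))
        {
            Passwords.Verify(password, Dummy);
            return false;
        }
        return Passwords.Verify(password, cred);
    }

    // Step 3: authorize the restricted function from the trust granted to the identity.
    public static bool ApproveMortgage(string userName, string password, decimal amount)
    {
        if (!Authenticate(userName, password)) return false;
        HashSet<string> roles;
        if (!Roles.TryGetValue(userName, out roles) || !roles.Contains("LoanOfficer")) return false;
        Console.WriteLine($"{userName} approved a mortgage of {amount:C}");
        return true;
    }

    public static void Main()
    {
        Console.WriteLine(ApproveMortgage("alice", "correct horse battery staple", 250_000m)); // trusted loan officer
        Console.WriteLine(ApproveMortgage("bob", "hunter2", 250_000m));   // authenticated, but not trusted to approve loans
        Console.WriteLine(ApproveMortgage("alice", "wrong", 250_000m));   // identity claimed but not authenticated
        Console.WriteLine(ApproveMortgage("mallory", "x", 250_000m));     // unknown identity
    }
}
```

The point to take from the example is that authentication and authorization are separate decisions: bob is a real, authenticated user and is still refused, because trust is granted per task, not per login. Keep the iteration count on the stored credential so it can be raised later without invalidating existing hashes.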
1.4 End-to-End Security

The final concept we introduce in this chapter is end-to-end security, which is the result of considering the wider aspects of security, beyond the resources and secrets protected by your application. Although this book is focused on implementing software security, it is important that you take a higher-level view, taking into account the real world and its complexity. The following sections highlight other issues that you should consider.

1.4.1 Real-World Trust Relationships

One of the most important things to remember about security is that not everyone shares your motivations and aspirations, and not everyone thinks the way that you think. The most carefully defined software trust system may not reflect the actual trust that has been granted to users of an application. As a simple example, when we outlined the important roles that play a part in security, we differentiated between the legitimate users of an application and the hackers who want to subvert it. The reality is less clear-cut; most fraud is perpetrated by employees otherwise trusted by their company. When you grant trust to a user, you may be providing that individual with tools that will be used to defraud, and otherwise rob, your company.
Differences in motivation are especially relevant when considering coercion; although you may feel that the security and profitability of your application is paramount, others may not. In some countries, it is common to rob a bank by kidnapping the branch manager's children, coercing the manager to unlock the bank and provide access to the vaults in order to secure the freedom of his offspring. The robbers have secured access to the protected resources with the explicit cooperation of a trusted employee. When thinking about security, you must give consideration to motivation, both of the potential users and the potential attackers.

1.4.2 Side Channels

A side-channel attack employs methods that have little to do with the software security measures that protect an application. For example, looking over a person's shoulder while he types his password circumvents any policy that may be put in place to control identity authentication; the attacker has side-stepped the security measures and can now access the system. Identifying potential side-channel attacks takes a lot of lateral thinking, and requires careful evaluation of the information exposed by your security systems that attackers might be able to exploit. Various smart-card technologies, for example, have been compromised by analyzing variations in power consumption, electromagnetic radiation, and the amount of time taken to process an authentication request associated with their use. Such an attack takes time and determination, but can be profitable if the smart card is used to manage cash transactions or provides access to expensive resources.

1.4.3 Physical Security

Physical security is often ignored when application software is secured. Many years of effort may
go into designing an application that carefully controls access to the contents of a warehouse, but if the security of the warehouse itself is weak, then attackers will simply steal your goods directly rather than attempting to subvert your application to ship goods free of charge. A good example of physical security is represented by automated teller machines (ATMs). An ATM employs physical measures to protect against tampering and outright theft, as well as the software measures that authenticate your card and PIN.

1.4.4 Third-Party Software

Finally, we draw your attention to third-party software, which you may rely on for the development of your application. Examples of this kind of software include development environments (such as Microsoft Visual Studio .NET), class libraries, and language compilers. It is important for you to understand that by using third-party software, you are trusting the software publisher to produce software that does not present a security risk, either in the functionality that is provided or by the introduction of malicious features.
You should also realize that when you distribute software that depends on third-party software, you are asking your customers to grant the same level of trust to the third parties as they do to you and your organization. For example, you may trust Microsoft to produce safe and secure software, and you may feel confident that Internet Explorer provides a secure environment in which to browse the World Wide Web. However, if you look at the information provided by the "About Internet Explorer" window, you will see that Internet Explorer 6 is built, in part, with software licensed from the following organizations:

- National Center for Supercomputing Applications at the University of Illinois at Champaign
- Spyglass, Inc.
- RSA Data Security, Inc.
- The Independent JPEG Group
- Intel Corp.
- Mainsoft Corp.

When you trust Microsoft to deliver Internet Explorer without the inclusion of security-related defects or malicious code, you also implicitly trust all of the companies listed above, some of which you may not even have heard of. Each of these companies may in turn license content or functionality from other publishers, and the chain continues; the trust that you confer on an individual software publisher goes far beyond what you may expect, and this is equally true for development software and class libraries as it is for Windows applications. When selecting third-party tools and libraries for your development projects, you must consider the level of trust that you assign to the software publisher and any other companies or individuals that may have contributed to these products.
Chapter 2. Assemblies

This chapter provides an overview of the .NET assembly, which is a key component in .NET security. We describe the structure and contents of an assembly, demonstrate how to create the different types of assembly, and discuss how you can protect your assemblies from tampering and reverse engineering. The information in this chapter provides a foundation essential for understanding the more advanced topics presented in later chapters, especially those related to Code Access Security.
2.1 Assemblies Explained

An assembly contains one or more .NET data types compiled into the Microsoft Intermediate Language (MSIL); in other words, an assembly contains the code that the common language runtime executes. The .NET Framework uses the assembly as the basic unit of deployment and versioning and, most importantly for our purposes, as the basic security boundary. In the following chapters, we will demonstrate how the .NET Framework uses assemblies to enforce security policy; in this section, however, we provide a brief overview of assemblies as a foundation for more advanced topics.

Microsoft Intermediate Language

When you compile a .NET source file, the compiler converts the contained data types to MSIL, which consists of a series of CPU-independent instructions. At execution time, the .NET Framework compiles the MSIL describing your data type into instructions for a specific CPU; this approach allows .NET applications to be deployed to different CPU architectures without having to recompile the source code. Consult the .NET documentation for further information about MSIL.
Each assembly consists of the following:

Assembly manifest
    The assembly manifest contains metadata elements that describe the assembly, summarized as follows:

    Assembly name
        A text string specifying the assembly's name.
    Assembly version
        A string in the form a.b.c.d, where a and b are the major and minor version numbers, and c and d are the build and revision numbers.
    Assembly culture
        Information on the culture or language that the assembly supports, for example, "en-US" for U.S. English or "fr-CA" for Canadian French.
    Assembly strong name
        Details of the public key used to create the assembly strong name; see Section 2.4 for further information.
    A list of all of the files in the assembly
        Lists all of the files that comprise the assembly; as we explain later, assemblies can be made up of more than one file.
    Type reference information
        Provides information about the data types that are exported from this assembly for use in other assemblies.
    Referenced assemblies information
        Lists the details of any other assemblies that this assembly depends on.
    Informational attributes
        A set of human-readable strings that provide additional information about an assembly, including trademark and copyright restrictions, product and company names, and a description of the assembly contents.

Type metadata
    This part of the assembly contains information about the data types contained in the MSIL code portion of the assembly, described next.

MSIL code
    The MSIL code section of the assembly contains the MSIL statements that will be executed by the .NET Framework runtime, describing one or more .NET types.

Application resources
    A set of resources, such as icons and sounds, that the application uses.

There are two types of assembly; they differ in where the assembly contents are stored. The simplest and most common type is a single-file assembly, where all of the assembly contents are stored in a single file. As shown by Figure 2-1, the four assembly components are contained in the file named SingleFileAssembly.dll.

Figure 2-1.
A single-file assembly contains all of the assembly contents in a single disk file

The second assembly type is a multifile assembly, where the contents of the assembly are stored in more than one file, as illustrated by Figure 2-2.

Figure 2-2. A multifile assembly stores the assembly contents in more than one file

In a multifile assembly, the assembly metadata and any resources are stored in one file (MultiFileAssembly.dll in Figure 2-2), while the MSIL code is contained in one or more modules, each of which contains one or more data types and any associated type metadata. The assembly is made up of all three files, which must be deployed together; the filesystem enforces no association between the files, and the relationship between them is described only by the file list element of the assembly metadata, which records the name and a hash of each module. The advantage of a multifile assembly is that each module can contain types written in a different .NET language; in Figure 2-2, we illustrate this by including the CSharpCode.netmodule and VBCode.netmodule files in the assembly, representing data types written in C# and Visual Basic .NET, respectively. In the next section, we demonstrate how to create an assembly using modules written in different languages.

Visual Studio .NET does not include support for creating modules or multifile assemblies; you must use the command-line tools included with the .NET Framework SDK to create them.
Each assembly can have one of three "flavors," depending on the intended function of the assembly, summarized as follows:

Library assembly
    A library assembly contains .NET types that are consumed by other assemblies. A library assembly cannot be executed.
Executable assembly
    An executable assembly can be executed as an application, but the types defined in the assembly cannot be used by other assemblies.
Windows executable assembly
    A Windows executable assembly is a variation of an executable assembly that is specifically for GUI applications.

This brief overview of assemblies should provide you with enough information to understand the rest of this chapter and the content presented in the rest of this book. Chapter 4 provides more information about the role of assemblies in the life cycle of a .NET application.
2.2 Creating Assemblies

To transform source code files into assemblies, you must use a language-specific .NET compiler. For C# source code files we use the C# compiler (csc.exe), and for Visual Basic .NET source files we use the Visual Basic .NET compiler (vbc.exe). In this section, we demonstrate how to create single- and multifile assemblies; we do not go into detail about how to use the .NET compilers. We begin by defining two simple types, the first of which is as follows:

# C#
public class SumNumbers {

    private int o_total;

    /// <summary>
    /// Default constructor - initializes the total to zero
    /// </summary>
    public SumNumbers() {
        // initialize the total
        o_total = 0;
    }

    /// <summary>
    /// Add a number to the total
    /// </summary>
    /// <param name="p_number">The number to add</param>
    public void AddNumber(int p_number) {
        o_total += p_number;
    }

    /// <summary>
    /// Get the total
    /// </summary>
    /// <returns>The total of all values presented to AddNumber</returns>
    public int GetTotal() {
        return o_total;
    }
}

# Visual Basic .NET
Public Class SumNumbers

    Private o_total As Integer

    Public Sub New()
        ' initialize the total
        o_total = 0
    End Sub

    Public Sub AddNumber(ByVal p_number As Integer)
        o_total += p_number
    End Sub

    Public Function GetTotal() As Integer
        Return o_total
    End Function

End Class

The SumNumbers class maintains a running total of integer values using the AddNumber method; the total value is obtained using the GetTotal method. The second type, SumArray, defines the static member SumArrayOfIntegers, which accepts an array of integers to be added together; this class is a consumer of SumNumbers.
# C#
public class SumArray {

    /// <summary>
    /// Static method that sums together the values in
    /// an array of integers
    /// </summary>
    /// <param name="p_arr">The array of integers to add together</param>
    /// <returns>The total of the values in p_arr</returns>
    public static int SumArrayOfIntegers(int[] p_arr) {
        // create a new instance of SumNumbers
        SumNumbers x_sum = new SumNumbers();
        // add each value in the array to the sum
        foreach (int x_int in p_arr) {
            x_sum.AddNumber(x_int);
        }
        // return the total from the sum
        return x_sum.GetTotal();
    }
}

# Visual Basic .NET
Public Class SumArray

    Public Shared Function SumArrayOfIntegers(ByVal p_arr() As Integer) _
            As Integer
        ' create a new instance of the SumNumbers class
        Dim x_sum As SumNumbers = New SumNumbers()
        ' add each value in the array to the sum
        Dim x_int As Integer
        For Each x_int In p_arr
            x_sum.AddNumber(x_int)
        Next
        ' return the total from the sum
        Return x_sum.GetTotal()
    End Function

End Class

We save the SumNumbers type in a file named SumNumbers.cs (C#) or SumNumbers.vb (Visual Basic .NET), and the SumArray type in a file named SumArray.cs (C#) or SumArray.vb (Visual Basic .NET).

2.2.1 Creating a Single-File Assembly

This is the default assembly type created by the C# and Visual Basic .NET compilers. The assembly metadata and the MSIL statements are included in a single file. The following statements demonstrate how we create a single-file library assembly from our source files:

# C#
csc /out:SingleFileAssembly.dll /target:library SumNumbers.cs SumArray.cs

# Visual Basic .NET
vbc /out:SingleFileAssembly.dll /target:library SumNumbers.vb SumArray.vb

These statements create a single-file assembly named SingleFileAssembly.dll, which contains the compiled SumNumbers and SumArray types. The /out argument specifies the name of the created file, while the /target option selects between application and library assemblies (library, exe or winexe, matching the three flavors described in Section 2.1); consult the .NET documentation for full details of the compiler options.

2.2.2 Creating a Multifile Assembly

Creating a multifile assembly is more complicated than creating a single-file assembly but provides additional flexibility; in this section, we demonstrate how to create an assembly that contains modules written in different .NET languages.
We start by compiling our C# implementation of the SumNumbers type into its own module:

csc /out:SumNumbers.netmodule /target:module SumNumbers.cs

This command creates a new module called SumNumbers.netmodule. The "netmodule" suffix is the standard for module files, in the same way that "dll" is for library files. We now compile our Visual Basic .NET implementation of the SumArray type into a module. The SumArray class depends on the functionality of the SumNumbers class, so we reference the SumNumbers.netmodule file with the /addmodule argument:

vbc /out:SumArray.netmodule /target:module /addmodule:SumNumbers.netmodule SumArray.vb

We have now created two modules: SumNumbers.netmodule is created from a C# class, while SumArray.netmodule is created from a Visual Basic .NET class. A .NET module can contain more than one type, although all of the types in one module must be written in the same language, because a module is the output of a single compiler; we have created modules containing only one type in order to present a simple and clear example. A module has no manifest of its own and cannot be loaded by the runtime until it has been linked into an assembly.

We can now create a multifile assembly that contains our modules by using the Assembly Linker tool (al.exe). The following command creates a library assembly called MultiFileAssembly.dll:

al /out:MultiFileAssembly.dll /target:library SumNumbers.netmodule SumArray.netmodule

The Assembly Linker creates the DLL file, which contains only the assembly metadata and references to the module files, each of which includes one of our example classes. A multifile assembly consists of the metadata file (the .dll or .exe) and all of the modules you specified to the Assembly Linker. When distributing a multifile assembly, you must include all of the files with a netmodule suffix as well as the metadata file; if a module is missing, the failure surfaces when the runtime first needs a type from that module, not when the assembly itself is loaded.
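The manifest elements listed in Section 2.1 and the file list of the multifile assembly built above can both be read back through reflection. The following C# program is an added example, not code from the book: it loads MultiFileAssembly.dll, prints the identity, strong-name, referenced-assembly, file-list and exported-type elements of its manifest, and then calls SumArray.SumArrayOfIntegers, whose implementation pulls the C# SumNumbers module in across the module boundary. It assumes the assembly and its two .netmodule files are in the current directory as produced by the al command above; the class name InspectAssembly and the command-line handling are mine.

```csharp
using System;
using System.IO;
using System.Reflection;

// Added example: reads the manifest of MultiFileAssembly.dll (Section 2.2.2)
// and calls a type that lives in one of its modules.
public class InspectAssembly
{
    public static void Main(string[] args)
    {
        // Assumption: the assembly built with al.exe above is in the current
        // directory; a different path can be passed on the command line.
        string path = args.Length > 0 ? args[0] : "MultiFileAssembly.dll";
        Assembly asm = Assembly.LoadFrom(path);
        AssemblyName name = asm.GetName();

        // Identity elements of the manifest: name, version and culture.
        Console.WriteLine("Name:    {0}", name.Name);
        Console.WriteLine("Version: {0}", name.Version);
        Console.WriteLine("Culture: {0}",
            (name.CultureInfo == null || name.CultureInfo.Name == "")
                ? "neutral" : name.CultureInfo.Name);

        // Strong-name element: the public key token is empty here because the
        // al command above was run without a /keyfile (see Section 2.4).
        byte[] token = name.GetPublicKeyToken();
        Console.WriteLine("Public key token: {0}",
            (token == null || token.Length == 0)
                ? "(none: assembly is not strong-named)"
                : BitConverter.ToString(token));

        // Referenced assemblies: what this assembly depends on.
        foreach (AssemblyName dep in asm.GetReferencedAssemblies())
            Console.WriteLine("References: {0}", dep.FullName);

        // File list: every file in the manifest's file table. GetFiles opens
        // each one, so a .netmodule that was not deployed alongside the .dll
        // shows up here as a FileNotFoundException instead of as a later,
        // harder-to-diagnose type load failure.
        FileStream[] files;
        try
        {
            files = asm.GetFiles();
        }
        catch (FileNotFoundException ex)
        {
            Console.WriteLine("Missing module file: {0}", ex.FileName);
            Console.WriteLine("Deploy all .netmodule files together with the manifest file.");
            return;
        }
        foreach (FileStream fs in files)
        {
            Console.WriteLine("File: {0}", Path.GetFileName(fs.Name));
            fs.Close();
        }

        // Type reference information: the types exported for use by other
        // assemblies, with the module each one is compiled into.
        foreach (Type t in asm.GetExportedTypes())
            Console.WriteLine("Exports: {0} (module {1})", t.FullName, t.Module.Name);

        // Invoke the Visual Basic .NET SumArray type; its call into the C#
        // SumNumbers type crosses a module boundary inside the one assembly.
        Type sumArray = asm.GetType("SumArray", true);
        MethodInfo sum = sumArray.GetMethod("SumArrayOfIntegers");
        int total = (int) sum.Invoke(null, new object[] { new int[] { 1, 2, 3, 4 } });
        Console.WriteLine("SumArrayOfIntegers(1, 2, 3, 4) = {0}", total);
    }
}
```

Compile it with csc /out:Inspect.exe Inspect.cs and run it from the directory containing MultiFileAssembly.dll; the last line prints 10. Then move SumNumbers.netmodule away and run it again: the manifest still loads and the identity elements still print, but the file-list step fails, which is the deployment rule from the previous paragraph made visible.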
2.3 Shared Assemblies

Assemblies can be private or shared, as illustrated by Figure 2-3. Each application that uses a private assembly has its own copy, which is stored alongside the other application components. If two applications installed on the same computer rely on the same private assembly, there will be two copies of the assembly files installed. Each time you install a new application that relies on the private assembly, you create new instances of the assembly files on disk. Each copy is independent of the others, and each application is completely self-contained.

Figure 2-3. Private and shared assemblies

By contrast, several applications can use a single instance of a shared assembly. The assembly is placed in a common location (a shared directory or network server), and every application that requires the assembly uses the same assembly disk files. More than one copy of a shared assembly can be installed, and groups of applications can rely on different instances, as illustrated by Figure 2-4.

Figure 2-4. Groups of applications relying on multiple identical shared assemblies

The .NET Framework also provides the Global Assembly Cache (GAC), a central repository for shared assemblies. All applications that rely on a shared assembly stored in the GAC use the same disk files, as illustrated by Figure 2-5; such applications do not need to be configured to find shared assemblies in specific locations, because the GAC is always available to all applications. See Section 2.5.1 for further details.

Figure 2-5. The GAC hosts shared assemblies

When we say that applications "share" an assembly, we mean that they use the same disk file. Each application is given its own copy of the data types contained in the assembly, and no data is shared between the applications. See Chapter 4 for more information on the role of an assembly in an application. The benefits of sharing an assembly are administrative: the assembly security policies and configuration that we discuss in the following chapters are applied to a shared assembly once, affecting all of the applications that rely on the assembly, whereas each instance of a private assembly must be configured individually. The flip side is that a shared assembly is a single point of modification: whoever can write to the shared file changes the code that every dependent application executes. This is why the GAC accepts only strong-named assemblies and why installing into it requires administrative privileges.
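To see the private/shared distinction from inside a running application, the following C# program is an added example, not code from the book: it loads the private SingleFileAssembly.dll built in Section 2.2.1 from the application directory and then classifies every assembly in the application domain as GAC-shared, private strong-named or private unsigned, using the Assembly.GlobalAssemblyCache property and the public key token from each manifest. The file name, the class name AssemblyOrigin and the assumption that the DLL sits beside the executable are mine; on the .NET Framework, mscorlib is the assembly that shows up as coming from the GAC.

```csharp
using System;
using System.Reflection;

// Added example: classifies the assemblies loaded into this application
// domain as shared (GAC) or private, and reports the disk file each one
// was loaded from.
public class AssemblyOrigin
{
    // Returns a short classification of where an assembly came from and
    // whether it carries a strong name (a non-empty public key token).
    public static string Classify(Assembly asm)
    {
        byte[] token = asm.GetName().GetPublicKeyToken();
        bool strongNamed = token != null && token.Length > 0;

        if (asm.GlobalAssemblyCache)
            return "shared (GAC)";   // only strong-named assemblies can be installed there
        return strongNamed ? "private, strong-named" : "private, unsigned";
    }

    public static void Main()
    {
        // Assumption: SingleFileAssembly.dll from Section 2.2.1 is in the
        // application directory, i.e. it is deployed as a private assembly.
        Assembly.LoadFrom("SingleFileAssembly.dll");

        foreach (Assembly asm in AppDomain.CurrentDomain.GetAssemblies())
        {
            Console.WriteLine("{0,-28} {1}", asm.GetName().Name, Classify(asm));
            // Location is the disk file the runtime actually mapped. For a
            // private assembly, anyone with write access to that directory
            // controls the code this application will run next time.
            Console.WriteLine("    {0}", asm.Location);
        }
    }
}
```

Run it from the directory containing SingleFileAssembly.dll. The program's own assembly and SingleFileAssembly.dll are reported as private and unsigned, because neither was compiled with a key file, while mscorlib is reported as shared from the GAC; Section 2.4 covers the strong names that turn an unsigned private assembly into one the GAC will accept.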
The Project Gutenberg eBook of Ending the depression through planned obsolescence
This ebook is for the use of anyone anywhere in the United States and most other parts of the world at no cost and with almost no restrictions whatsoever. You may copy it, give it away or re-use it under the terms of the Project Gutenberg License included with this ebook or online at www.gutenberg.org. If you are not located in the United States, you will have to check the laws of the country where you are located before using this eBook.

Title: Ending the depression through planned obsolescence
Author: Bernard London
Release date: November 1, 2023 [eBook #72003]
Language: English
Original publication: New York: self-published, 1932
Credits: Bob Taylor, Tim Lindell and the Online Distributed Proofreading Team at https://www.pgdp.net (This book was produced from images made available by the HathiTrust Digital Library.)

*** START OF THE PROJECT GUTENBERG EBOOK ENDING THE DEPRESSION THROUGH PLANNED OBSOLESCENCE ***
Ending the Depression through Planned Obsolescence
BY Bernard London
21 EAST FORTIETH STREET, NEW YORK, N. Y.
COPYRIGHT, 1932, BY BERNARD LONDON
Ending the Depression Through Planned Obsolescence
By Bernard London

FRANK A. VANDERLIP, former President of the National City Bank, of New York, characterized this as a stupid depression. He emphasized the fact that millions were suffering amidst glutted markets and surpluses. The new paradox of plenty constitutes a challenge to revolutionize our economic thinking. Classical economics was predicated on the belief that nature was niggardly and that the human race was constantly confronted by the spectre of shortages. The economist Malthus writing in 1798 warned that the race would be impoverished by an increase in population which he predicted would greatly exceed gains in the production of foodstuffs. However, modern technology and the whole adventure of applying creative science to business have so tremendously increased the productivity of our factories and our fields that the essential economic problem has become one of organizing buyers rather than of stimulating producers. The essential and bitter irony of the present depression lies in the fact that millions of persons are deprived of a satisfactory standard of living at a time when the granaries and warehouses of the world are overstuffed with surplus supplies, which have so broken the price level as to make new production unattractive and unprofitable. Primarily, this country and other countries are suffering from disturbed human relationships. Factories, warehouses, and fields are still intact and are ready to produce in unlimited quantities, but the urge to go ahead has been paralyzed by a decline in buying power. The existing troubles are
man-made, and the remedies must be man-conceived and man-executed. In the present inadequate economic organization of society, far too much is staked on the unpredictable whims and caprices of the consumer. Changing habits of consumption have destroyed property values and opportunities for employment. The welfare of society has been left to pure chance and accident. In a word, people generally, in a frightened and hysterical mood, are using everything that they own longer than was their custom before the depression. In the earlier period of prosperity, the American people did not wait until the last possible bit of use had been extracted from every commodity. They replaced old articles with new for reasons of fashion and up-to-dateness. They gave up old homes and old automobiles long before they were worn out, merely because they were obsolete. All business, transportation, and labor had adjusted themselves to the prevailing habits of the American people. Perhaps, prior to the panic, people were too extravagant; if so, they have now gone to the other extreme and have become retrenchment-mad. People everywhere are today disobeying the law of obsolescence. They are using their old cars, their old tires, their old radios and their old clothing much longer than statisticians had expected on the basis of earlier experience. The question before the American people is whether they want to risk their future on such continued planless, haphazard, fickle attitudes of owners of ships and shoes and sealing wax. What the people can afford is very different at a time when the majority are gainfully employed than it is in a period when perhaps ten million are without gainful employment. The job of modern management is to balance production with consumption—to enable one large group, like the factory workers in the cities, to exchange the products of their hours of labor for the output of farmers.
The prevailing defeatist assumption that depression and unemployment must continue because we have too much of everything, is the counsel of despair.
Society is suffering untold loss in foregoing the workpower of ten million human beings. The present deadlock is the inevitable result of traveling along blind alleys. Chaos must unavoidably flow from an unplanned economic existence. In the future, we must not only plan what we shall do, but we should also apply management and planning to undoing the obsolete jobs of the past. This thought constitutes the essence of my plan for ending the depression and for restoring affluence and a better standard of living to the average man. My proposal would put the entire country on the road to recovery, and eventually restore normal employment conditions and sound prosperity. My suggested remedy would provide a permanent source of income for the Federal Government and would relieve it for all time of the difficulties of balancing its budget. Briefly stated, the essence of my plan for accomplishing these much-to-be-desired ends is to chart the obsolescence of capital and consumption goods at the time of their production. I would have the Government assign a lease of life to shoes and homes and machines, to all products of manufacture, mining and agriculture, when they are first created, and they would be sold and used with the term of their existence definitely known by the consumer. After the allotted time had expired, these things would be legally “dead” and would be controlled by the duly appointed governmental agency and destroyed if there is widespread unemployment. New products would constantly be pouring forth from the factories and marketplaces, to take the place of the obsolete, and the wheels of industry would be kept going and employment regularized and assured for the masses. I am not advocating the total destruction of anything, with the exception of such things as are outworn and useless. To start business going and employ people in the manufacture of things, it would be necessary to destroy such things in the beginning—but for the first time only.
After the first sweeping up process necessary to clean away obsolete products in use today, the system would work smoothly in the future, without loss or harm to anybody. Wouldn’t it
be profitable to spend a sum of—say—two billion dollars to buy up, immediately, obsolete and useless buildings, machinery, automobiles and other outworn junk, and in their place create from twenty to thirty billion dollars worth of work in the construction field and in the factory? Such a process would put the entire country on the road to recovery and eventually would restore normal employment and business prosperity. An equally important advantage of a system of planned obsolescence would be its function in providing a new reservoir from which to draw income for the operation of the Government. The actual mechanism involved would be briefly something like this: The people would turn in their used and obsolete goods to certain governmental agencies, situated at strategic locations for the convenience of the public. The individual surrendering, for example, a set of old dining room furniture, would receive from the Comptroller or Inspector of such a Station or Bureau, a receipt indicating the nature of the goods turned in, the date, and the possible value of the furniture (which is to be paid to him in the future by the Government). This receipt would be stamped in a receipt book with a number, which the individual would have received when he first brought in an obsolete article to be destroyed. Receipts so issued would be partially equivalent to money in the purchase of new goods by the individual, in that they would be acceptable to the Government in payment of the sales tax which would be levied as part of my plan. For example, a consumer purchasing a $100 radio, on which the sales tax is 10 per cent or $10, the purchaser would pay cash for the radio, but could offer $10 worth of receipts for obsolete merchandise turned in, in payment of the sales tax.
The merchant or manufacturer would have to accept these receipts for this purpose, and would turn them back to the Government in payment of the sales tax, which must be borne ultimately by the consumer in any event. Under this system, the purchaser would feel he had been paid for the used-up article which he turned in to the Government, yet the Government would not have had to pay a cent of cash for the goods so surrendered. As a result of the process, nevertheless, the wheels
of industry would be greased, and factories would be kept busy supplying new goods, while employment would be maintained at a higher level. I maintain that taxes should be levied on the people who are retarding progress and preventing business from functioning normally, rather than as at present on those who are cooperating and promoting progress. Therefore I propose that when a person continues to possess and use old clothing, automobiles and buildings, after they have passed their obsolescence date, as determined at the time they were created, he should be taxed for such continued use of what is legally “dead.” He could not deny that he does not possess such goods, as he might hide his income to avoid paying an income tax, because they are material things, with their date of manufacture known. Today we penalize by taxation persons who spend their money to purchase commodities, which are necessary in order to create business. Would it not be far more desirable to tax instead the man who is hoarding his money and keeping old and useless things? We should tax the man who holds old things for a longer time than originally allotted. Under the present estate and inheritance tax system, the State has to wait an indefinite period, and allow the owner of a building or commodity to keep on earning and adding more to his fortune until he dies, before it can collect its inheritance tax. With obsolescence of merchandise computed in advance, the Government will collect when the article dies, instead of when its owner dies. Moreover, the present method of collecting revenue under the income tax is speculative and uncertain, because the profits of industry and business, upon which the income tax is based, are subject to vast fluctuations. If the plan I propose is adopted, there will be a source of permanent income to the State from goods and merchandise in existence, and which are bound to continue to exist.
Through a process of checking control of what the manufacturer sells to the dealer, and through reports by retailers of what they sell to the consumers, the Government will know by the end of the year just
what income it will be sure of getting, and this amount it will be paid irrespective of whether people are making big profits or not. My plan would rectify the fundamental inequalities of our present economic system, in which we follow a hit-or-miss method, one getting much more than he needs or can use, and another less or nothing. We should learn to use our material resources so that all can partake of them, yet so that none will be any poorer or worse off than today. In our present haphazard organization, the product of the worker’s toil continues to benefit and produce income for its owner long after the one whose sweat created it has spent and exhausted the meagre compensation he received for his labor. The worker’s wages are exhausted in a week or a month in the purchase of food, clothing and shelter. He has for himself little that is permanent to show for his hours of toil, whereas the owner of the building or machine which the worker’s labor helped to construct has a unit of capital goods which will last for years or even decades. The man who performed the work received as compensation only enough to purchase comfort and sustenance for a short time, and he must continue to labor if he wishes to go on living. The product of the worker’s hand, however, is a semi-permanent thing and produces income for its owner for an indefinite period of years. In the end, not only is the original cost of production repaid and interest yield on the investment, but far more besides. This very lasting quality of the product of the worker’s toil results to his disadvantage, for a time comes such as we are passing through today, when there is an excess of capital goods and the worker is told: “We have enough production of wealth; we are going to use up what we have and need no more for the present. You laborer, go and find work elsewhere.
We do not need you now.” And so the worker, whose sweat wrought this vast store of material goods, suffers from poverty and want, while the country is glutted with everything. My plan would correct this obviously inequitable situation by arbitrarily limiting the return to capital, to a
stipulated period of years, after which the benefits would revert to the people. The situation in which the country now finds itself, in which there is poverty amidst plenty, is well illustrated by the analogy of a great giant standing in a pool of fresh water up to his lips, yet crying out that he is thirsty because he is paralyzed and cannot stoop to drink. His muscles must be enabled to relax, for him to bend down in order that he may quench his thirst. So, too, the paralysis which prevents our economic society from consuming the abundant supplies of raw materials and manufactured commodities which glut our markets must be cured before normal conditions can be restored. Furniture and clothing and other commodities should have a span of life, just as humans have. When used for their allotted time, they should be retired, and replaced by fresh merchandise. It should be the duty of the State as the regulator of business to see that the system functions smoothly, deciding matters for capital and labor and seeing that everybody is sufficiently employed. The Government will have the power to extend the life of articles for a year or two (upon agreed terms), if they are still useable after their allotted time has expired and if employment can be maintained at a high peak without their replacement. If a machine has been functioning steadily for five years or so, it can fairly be considered dead—dead to the one who paid his money for it—because he has had all the use of it during those five years and it will have paid for its life by its earnings in the five-year period. Then it should go to the workmen, through the State; its life can be prolonged if the factories are already busy and there are no unemployed. But if by its replacement idle workers can be given jobs and closed factories reopened, then this machine should be destroyed and new (and probably improved) apparatus produced in its place.
The original span of life of a commodity would be determined by competent engineers, economists and mathematicians, specialists in their fields, on behalf of the Government.
In the course of 30 years under this arrangement, most construction and production would undergo a fundamental change for the better, as old, dilapidated and obsolete buildings and machines disappeared and new ones appeared in their place. During this period some manufactured commodities would have been destroyed and replaced 15 times, others 10 times, still others 5 times, etc., depending on the span of life allotted to each, in order for it to earn sufficient for its purpose before it dies. We must work on the principle of nature, which creates and destroys, and carries the process of elimination and replacement through the ages. There would be no overproduction, were this method adopted, for production and consumption would be regularized and adjusted to each other, and it would no longer be necessary to send our surplus goods to find outlet in foreign markets. We would not then, as we do today, have to sell these goods on credit and later have to beg for our money, which in the long run foreign nations do not want to repay anyway.

In the description of things under the present organization of society, we continually make use of a system of weights and measures. Thus, a commodity is evaluated in terms of size—shape, weight, value, etc. The weights and measures we use are standardized and regulated by the Government so that they may not be violated. But, though we may not realize it, this system is incomplete because in the description of things it omits consideration of two elements which are equal in importance to those in everyday use in determining real values. These are life and time, life with respect to the commodity produced, and time, the period it should last.
If we add the elements of life and time to our measurement of what we produce, and say that the life of this automobile shall be not more than 5 years, or the life of this building shall last not more than 25 years, then, with the addition of our customary measurement of these commodities, we will have a really complete description of them right from the beginning. And, when capital purchases the automobile or the building, it will be doing so only for that limited period of years, after which the remaining value left in the product will revert to labor, which produced it in the first place, and which thus will receive its rightful share in the end, even if it did not do so in the beginning.

Miracles do not happen. They must be planned in order to occur. Similarly in this time of economic crisis, we must work out our own salvation. If we can afford to sink ships, that cost millions of dollars to construct, merely for the purpose of giving target practice to the gunner, then surely we can afford to destroy other obsolete and useless products in order to give work to millions and pull the country out of the dire catastrophe in which it is now wallowing.

At the present time our country has plenty of everything, yet people are in want because of a breakdown in distribution, an inadequate division of the fruits of labor. Worn-out automobiles, radios and hundreds of other items, which would long ago have been discarded and replaced in more normal times, are being made to last another season or two or three, because the public is afraid or has not the funds to buy now.

The Government should be enabled to advance a sum of money to certain Trust Agencies to purchase part of these obsolete buildings and machines and clothing. They should be thrown into a junk pile, and money lent toward creating new buildings, machines and commodities. The State can lend money for the erection of new buildings at an interest rate of no more than 2½ or 3 per cent. Suppose, though, that new builders or owners of the buildings pay 5 or 5½ per cent interest. Two and a half per cent of this would go to the Government as interest and 2½ or 3 per cent for amortization or to a sinking fund, out of which to pay back for the construction of the building within 25 or 30 years, computed on a basis of compound interest. At that time, the building can be destroyed and a new one erected, with resultant stimulus to employment.
The original building in the intervening years would have served its purpose and fairly repaid its owner. Capital should be willing to invest its wealth on a 2½ or 3 per cent interest basis under such circumstances, because the investment will be safe, steady and permanent. In the present economic chaos, investments at great interest rates are in jeopardy and, while at present lenders are getting large returns for their money, their capital is in constant danger of being wiped out altogether.

The tax-collecting machinery at present used by the Government could readily be converted into the media for carrying into operation the system here proposed. It could be used with the same force and effect, and new laws passed concerning everything produced, just as our present excise and tariff laws cover in their fixing of rates thousands of individual items and categories. Such a means of solving our economic problem could be brought into operation quickly and in a few months the machinery of administration perfected so that thousands of people could be put back to work within a comparatively short time.

If this plan were in operation, speculators would not acquire fortunes simply by manipulating and creating false values or synthetic wealth. If it were decreed that the life of wheat were to be no more than two years, for example, no man would buy the grain solely for speculation, thus creating an artificial market and holding a club over the farmer’s head, as today. He would not dare because he would know that he would have to pay the Government a tax on the wheat after it had lived its legal life and this would make it unprofitable or at least highly dangerous to buy speculatively and hold for the future.

The widespread suffering from unemployment and want in this country today is a symptom of a fundamental maladjustment—a sickness, if you like, in our body economic. Almost every sickness can be cured, provided we get the right doctor to diagnose the case and prescribe the proper medicine, but the patient must take the medicine in order to get well. My plan is in essence a prescription for the relief and cure of the ailments from which our economic organization is today suffering.
Of course, the inauguration of such a system of planned obsolescence will be opposed by many merely because it is new, for it is hard for us to abandon our old notions and adjust ourselves to a new way of thinking. Unlike most changes for the good of the masses, however, this scheme need not involve much hardship, strife or suffering. That is not necessary. With a reasonable amount of common sense used, the plan ought gradually to work smoothly without much loss to anybody.

In war-time we conscript the flower of our country’s manhood, and send them to the front to fight and often be destroyed. If such drastic procedure is deemed wise and necessary in the crisis of war, would it not be far more logical and profitable in our present emergency to conscript the dead things—material, not human—such as obsolete buildings, machinery and outmoded commodities, and send them to the front to be destroyed in the war against depression, thus saving the country from economic chaos by providing work? It is far cheaper to destroy useless and obsolete goods now, and perhaps some of our synthetic wealth as well, than to risk destroying far more priceless assets, such as human life, and undermining the health and confidence of the people, by continuing to fight the depression with our old, slow and costly methods.

Even in the present organization of our economic society, we recognize in many instances the necessity of destroying some of our wealth in order to increase it. For example, coal is wealth, but it is burned up and destroyed daily in locomotives, furnaces and other devices in order to create power to drive machinery and manufacture goods. Similarly, oil is wealth, but to serve its purpose it must be used and consumed in the engines of automobiles and the whirring wheels of factories. Grain is wealth, but we destroy it by feeding it to cattle, by consuming it ourselves, and by scattering it on the ground as seed to produce more grain. It is by this process that people live, function and create material goods.

Wealth may be compared to our language. Although we use our language every day, it does not get used up.
On the contrary, new words and idioms are constantly being added to the national vocabulary, and the language increases in usefulness the more it is spoken, instead of deteriorating. In olden times, only a few chosen ones, such as kings and priests and nobles, could read and write. The rest of the people were kept in ignorance and poverty. Today, with our standardized and simplified grammar and our mass education, the benefits of literacy are available to everybody, to rich and poor alike.

Such a condition should exist also with respect to the enjoyment of wealth. A minimum standard should be created for everyone, and rich and poor, old and young should participate in its benefits, and profit from its use and management. Our economic society has advanced little from Medieval times in the distribution of our wealth. We still continue on the basis of our old theories and notions that only the chosen ones should enjoy it. There is as much wealth in existence as there is time, but people do not visualize it.

Wealth, like food, must be digested for human beings to be able to live, function and create—in other words, to produce more wealth. If we want to acquire new wealth, the supply lines must be drained so that fresh commodities can come in. If there are stale goods left in the lines, the fresh supply must force them out. The cause of our present stagnation is that the supply line or arteries furnishing the needs of the country are clogged with obsolete, outworn and outmoded machinery, buildings and commodities of all kinds. These are obstructing the avenues of commerce and industry and are preventing new products from coming through. There is little demand for new goods when people make their old and worn-out things do, by keeping them longer than they should.

We need to apply better managerial foresight to public affairs. I contend that any business or corporation, public or private, which operates and expects to get an income of several billions of dollars a year from its operations, deserves much attention, and requires thoughtful planning, in order to perfect the machinery of its organization.
The aim should be to make it function smoothly in order to satisfy the self-supporting multitudes, by providing them with regular employment at a living wage which will assure the American standard of living.
Such a socially responsible system, which is anxious for the well-being of all of its citizens, is on a vastly sounder and more permanent basis than one which allows business merely to take out profits without improving the organization with new methods and without renewing the equipment. I maintain that with wealth should go responsibility. Too many nowadays regard wealth as a license to freedom and immunity from obligation to the people. Such irresponsible possessors of wealth are shirkers, who tend to make all of us poorer.

Summarizing the benefits which would accrue to this nation and to the world at large if my plan were adopted and put into effect, it would:

1. Bring order out of the chaos now disrupting the whole economic and social organization.

2. Organize and regularize opportunities for employment.

3. Obviate the tremendous social waste of making no use of the workpower of millions of men and women (who are compelled to stay idle). In this connection, it is significant to note that “the cost of the present depression will very probably exceed 50 billions of dollars” (a staggering amount), according to Malcolm C. Rorty, business executive and statistician, writing in a recent issue of the Harvard Business Review.

4. My plan would take Government finances out of their present speculative status and would put Government income on a more stable basis, by receiving annually at least between 25 and 50 per cent of the net income of all the buildings, machinery and other commodities which have been declared obsolete after their allotted time, and nevertheless allowed to function longer in the event there is ample employment.