Export (0) Print
Expand All
2 out of 5 rated this helpful - Rate this topic

Securing ADO.NET Applications 

Writing a secure ADO.NET application involves more than avoiding common coding pitfalls such as not validating user input. An application that accesses data has many potential points of failure that an attacker can exploit to retrieve, manipulate, or destroy sensitive data. It is therefore important to understand all aspects of security, from the process of threat modeling during the design phase of your application, to its eventual deployment and ongoing maintenance.

The .NET Framework provides tools to secure your applications and to administer security policy. Links to documentation about these tools can be found in the Security Tools topic. The common language runtime (CLR) provides a type-safe environment for code to run in, with code access security (CAS) to restrict further the permissions of managed code. In addition to the resources mentioned in this section, the Microsoft Security Developer Center has up-to-date security information, white papers, and downloads.

In This Section

ADO.NET Security Best Practices

Provides recommendations for increasing the security of ADO.NET code.

Creating Secure User Interfaces

Provides links to topics about securing different types of applications.

Code Access Security and ADO.NET

Describes how CAS can help protect ADO.NET code. Also discusses how to work with partial trust.

Working with Secured Data Sources and Components

Describes how to work with data from a secured data source.

Securing Connection Strings

Demonstrates techniques for protecting information used to connect to a data source.

Related Sections

What's New in ADO.NET

Introduces features that are new in ADO.NET.

Overview of ADO.NET

Provides an introduction to the design and components of ADO.NET.

Using DataSets in ADO.NET

Describes how to create and use DataSets, typed DataSets, DataTables, and DataViews.

Connecting and Retrieving Data in ADO.NET

Describes how to connect to a data source and retrieve data, including DataReaders and DataAdapters.

Modifying Data in ADO.NET

Describes how to modify data in a database and how to use transactions.

Using the .NET Framework Data Provider for SQL Server

Describes how to work with features and functionality that are specific to SQL Server.

Using the .NET Framework Data Provider for Oracle

Describes features and behaviors that are specific to the .NET Framework Data Provider for Oracle.

Using SQL Server Common Language Runtime Integration

Describes how data can be accessed from within a CLR database object in SQL Server 2005.

Writing Provider-Independent Code in ADO.NET

Describes generic classes that allow you to write provider-independent code in ADO.NET.

Performing General Tasks in ADO.NET

Describes how to use various general-purpose features of ADO.NET.

Finding Additional ADO.NET Information

Provides links to additional online information about ADO.NET.

See Also

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.