Securing ADO.NET Applications
Writing a secure ADO.NET application involves more than avoiding common coding pitfalls such as not validating user input. An application that accesses data has many potential points of failure that an attacker can exploit to retrieve, manipulate, or destroy sensitive data. It is therefore important to understand all aspects of security, from the process of threat modeling during the design phase of your application, to its eventual deployment and ongoing maintenance.
The .NET Framework provides tools to secure your applications and to administer security policy. Links to documentation about these tools can be found in the Security Tools topic. The common language runtime (CLR) provides a type-safe environment for code to run in, with code access security (CAS) to restrict further the permissions of managed code. In addition to the resources mentioned in this section, the Microsoft Security Developer Center has up-to-date security information, white papers, and downloads.
In This Section
- ADO.NET Security Best Practices
-
Provides recommendations for increasing the security of ADO.NET code.
- Creating Secure User Interfaces
-
Provides links to topics about securing different types of applications.
- Code Access Security and ADO.NET
-
Describes how CAS can help protect ADO.NET code. Also discusses how to work with partial trust.
- Working with Secured Data Sources and Components
-
Describes how to work with data from a secured data source.
- Securing Connection Strings
-
Demonstrates techniques for protecting information used to connect to a data source.
