Securing ADO.NET Applications
Writing a secure ADO.NET application involves more than avoiding common coding pitfalls such as not validating user input. An application that accesses data has many potential points of failure that an attacker can exploit to retrieve, manipulate, or destroy sensitive data. It is therefore important to understand all aspects of security, from the process of threat modeling during the design phase of your application, to its eventual deployment and ongoing maintenance.
The .NET Framework provides many useful classes, services, and tools for securing and administering database applications. The common language runtime (CLR) provides a type-safe environment for code to run in, with code access security (CAS) to restrict further the permissions of managed code. Following secure data access coding practices limits the damage that can be inflicted by a potential attacker.
Writing secure code does not guard against self-inflicted security holes when working with unmanaged resources such as databases. Most server databases, such as SQL Server, have their own security systems, which enhance security when implemented correctly. However, even a data source with a robust security system can be victimized in an attack if it is not configured appropriately.
In This Section
- Security Overview
- Provides recommendations for designing secure ADO.NET applications.
- Secure Data Access
- Describes how to work with data from a secured data source.
- Secure Client Applications
- Describes security considerations for client applications.
- Code Access Security and ADO.NET
- Describes how CAS can help protect ADO.NET code. Also discusses how to work with partial trust.
- Privacy and Data Security
- Describes encryption options for ADO.NET applications.
ADO.NET Managed Providers and DataSet Developer Center