
Checklist: Securing Data Access


Retired Content

This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

patterns & practices Developer Center

Improving Web Application Security: Threats and Countermeasures

J.D. Meier, Alex Mackman, Michael Dunner, Srinath Vasireddy, Ray Escamilla and Anandha Murukan

Microsoft Corporation

Published: June 2003

Applies to:

  • ADO.NET 1.1

See the "patterns & practices Security Guidance for Applications Index" for links to additional security resources.

See the Landing Page for the starting point and a complete overview of Improving Web Application Security: Threats and Countermeasures.

Contents

  • How to Use This Checklist
  • SQL Injection Checks
  • Authentication
  • Authorization
  • Configuration Management
  • Sensitive Data
  • Exception Management
  • Deployment Considerations

How to Use This Checklist

This checklist is a companion to Chapter 14, "Building Secure Data Access" and Chapter 16, "Securing Your Database Server." Use it to help you build secure data access, or as a quick evaluation snapshot of the corresponding chapters.

This checklist should evolve with secure data access practices that you discover during software development.

SQL Injection Checks

  • Input passed to data access methods that originates outside the current trust boundary is constrained. Sanitization of input is only used as a defense in depth measure.
  • Stored procedures that accept parameters are used by data access code. If stored procedures are not used, type safe SQL parameters are used to construct SQL commands.
  • Least-privileged accounts are used to connect to the database.
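The following ADO.NET 1.x data access class is an added example, not code from the original checklist or from the patterns & practices guidance. It puts the first two checks above into code: an allow-list format check on input that crosses the trust boundary, a stored procedure called with a typed parameter, and the dynamic-SQL fallback that still binds the value through SqlParameter. The stored procedure name (usp_GetCustomer), the table and column names and the customer ID format are assumptions for illustration; the connection string passed to the constructor is where the third check (a least-privileged login) is applied.

```csharp
// Added example, not code from the original checklist or the patterns & practices
// guidance. The procedure name, table name and customer ID format are assumptions.
using System;
using System.Data;
using System.Data.SqlClient;
using System.Text.RegularExpressions;

public class CustomerData
{
    private readonly string connectionString;

    // Pass a connection string for a least-privileged login here (check 3).
    public CustomerData(string connectionString)
    {
        this.connectionString = connectionString;
    }

    // Check 1: input from outside the trust boundary is constrained for type,
    // length and format before it reaches any SQL. An allow-list pattern is the
    // primary control; stripping "bad" characters would only be defense in
    // depth on top of it. (Assumed format: two upper-case letters, six digits.)
    public static bool IsValidCustomerId(string candidate)
    {
        return candidate != null && Regex.IsMatch(candidate, @"^[A-Z]{2}[0-9]{6}$");
    }

    // Check 2, preferred form: a stored procedure with a typed parameter.
    // The value travels as data, never as SQL text, so it cannot alter the
    // statement the server executes.
    public DataSet GetCustomer(string customerId)
    {
        if (!IsValidCustomerId(customerId))
            throw new ArgumentException("customerId does not match the expected format.");

        using (SqlConnection conn = new SqlConnection(connectionString))
        {
            SqlCommand cmd = new SqlCommand("dbo.usp_GetCustomer", conn); // assumed proc name
            cmd.CommandType = CommandType.StoredProcedure;
            cmd.Parameters.Add("@CustomerId", SqlDbType.Char, 8).Value = customerId;

            DataSet result = new DataSet();
            new SqlDataAdapter(cmd).Fill(result); // the adapter opens and closes conn
            return result;
        }
    }

    // Check 2, fallback form: when no stored procedure exists, the SQL text is
    // still a fixed literal and the value is still bound through SqlParameter.
    public DataSet GetCustomerDynamic(string customerId)
    {
        if (!IsValidCustomerId(customerId))
            throw new ArgumentException("customerId does not match the expected format.");

        using (SqlConnection conn = new SqlConnection(connectionString))
        {
            SqlCommand cmd = new SqlCommand(
                "SELECT CustomerId, Name FROM dbo.Customers WHERE CustomerId = @CustomerId", conn);
            cmd.Parameters.Add("@CustomerId", SqlDbType.Char, 8).Value = customerId;

            DataSet result = new DataSet();
            new SqlDataAdapter(cmd).Fill(result);
            return result;
        }
    }
}
```

The format check rejects anything that is not a well-formed ID before the database is involved, and the parameter's SqlDbType and length cap what the provider will send even if a caller bypasses that check. Building the statement by concatenating customerId into the SQL string is the pattern both methods avoid.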

Authentication

  • Windows authentication is used to connect to the database.
  • Strong passwords are used and enforced.
  • If SQL Server authentication is used, the credentials are secured over the network by using IPSec or SSL, or by installing a database server certificate.
  • If SQL Server authentication is used, connection strings are encrypted by using DPAPI and are stored in a secure location.
  • Application connects using a least-privileged account. The sa account or other privileged accounts that are members of the sysadmin or db_owner roles are not used for application logins.

Authorization

  • Calling users are restricted using declarative or imperative principal permission checks (normally performed by business logic).
  • Calling code is restricted using identity permission demands in scenarios where you know and want to limit the calling code.
  • Application login is restricted in the database and can only execute selected stored procedures. Application's login has no direct table access.

Configuration Management

  • Windows authentication is used to avoid credential management.
  • Connection strings are encrypted and encrypted data is stored securely, for example, in a restricted registry key.
  • OLE DB connection strings do not contain Persist Security Info="true" or "yes".
  • UDL files are secured with restricted ACLs.

Sensitive Data

  • Sensitive data is encrypted in the database using strong symmetric encryption (for example, 3DES).
  • Symmetric encryption keys are backed up and encrypted with DPAPI and stored in a restricted registry key.
  • Sensitive data is secured over the network by using SSL or IPSec.
  • Passwords are not stored in custom user store databases. Password hashes are stored with salt values instead.
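The last check above, storing a salted hash rather than the password, as an added example that is not part of the original checklist. It uses the .NET 1.1 cryptography classes (RNGCryptoServiceProvider for the salt, SHA256Managed for the hash) and writes the result to the user store with bound parameters. The Users table and its PasswordSalt, PasswordHash and UserName columns are assumptions.

```csharp
// Added example, not code from the original checklist. The table and column
// names are assumptions for illustration.
using System;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;
using System.Text;

public class PasswordStore
{
    private const int SaltLength = 16;   // 128-bit random salt per user
    private const int HashLength = 32;   // SHA-256 output size

    // A fresh, unpredictable salt from the operating system's RNG.
    public static byte[] CreateSalt()
    {
        byte[] salt = new byte[SaltLength];
        new RNGCryptoServiceProvider().GetBytes(salt);
        return salt;
    }

    // SHA-256 over salt || password. The per-user salt makes identical
    // passwords hash differently and defeats precomputed hash tables.
    public static byte[] HashPassword(string password, byte[] salt)
    {
        byte[] pwd = Encoding.UTF8.GetBytes(password);
        byte[] input = new byte[salt.Length + pwd.Length];
        Buffer.BlockCopy(salt, 0, input, 0, salt.Length);
        Buffer.BlockCopy(pwd, 0, input, salt.Length, pwd.Length);
        return new SHA256Managed().ComputeHash(input);
    }

    // Only the salt and hash are stored; the clear-text password never
    // reaches the database. Bound parameters keep this consistent with the
    // SQL injection checks earlier in the checklist.
    public static void SaveCredential(string connectionString, string userName, string password)
    {
        byte[] salt = CreateSalt();
        byte[] hash = HashPassword(password, salt);

        using (SqlConnection conn = new SqlConnection(connectionString))
        {
            SqlCommand cmd = new SqlCommand(
                "UPDATE dbo.Users SET PasswordSalt = @Salt, PasswordHash = @Hash WHERE UserName = @User",
                conn);
            cmd.Parameters.Add("@Salt", SqlDbType.VarBinary, SaltLength).Value = salt;
            cmd.Parameters.Add("@Hash", SqlDbType.VarBinary, HashLength).Value = hash;
            cmd.Parameters.Add("@User", SqlDbType.NVarChar, 64).Value = userName;
            conn.Open();
            cmd.ExecuteNonQuery();
        }
    }

    // Verification recomputes the hash with the stored salt and compares every
    // byte regardless of where the first mismatch is, so timing does not
    // reveal how much of the hash matched.
    public static bool Verify(string password, byte[] storedSalt, byte[] storedHash)
    {
        byte[] computed = HashPassword(password, storedSalt);
        if (computed.Length != storedHash.Length) return false;
        int diff = 0;
        for (int i = 0; i < computed.Length; i++)
            diff |= computed[i] ^ storedHash[i];
        return diff == 0;
    }
}
```

A plain salted SHA-256 is what the .NET 1.1 class library offers directly. On .NET 2.0 and later, Rfc2898DeriveBytes (PBKDF2) produces a deliberately slow, iterated hash from the same salt and is the better choice for new code, because it raises the cost of guessing each candidate password against a leaked table.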

Exception Management

  • ADO.NET exceptions are trapped and logged.
  • Database connections and other limited resources are released in case of exception or completion of operation.
  • ASP.NET is configured with a generic error page using the <customErrors> element.
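The first two exception management checks above in one ADO.NET method, as an added example that is not from the original checklist: the SqlException is trapped and logged with its full detail, the caller receives a generic exception instead, and the connection is released in a finally block on every path. The stored procedure name, the event log source name and the DataAccessException type are assumptions.

```csharp
// Added example, not code from the original checklist. The procedure name,
// event source and custom exception type are assumptions.
using System;
using System.Data;
using System.Data.SqlClient;
using System.Diagnostics;

// Thrown to callers in place of the raw SqlException so provider detail
// (server name, object names, SQL text) stays out of anything shown to users.
public class DataAccessException : ApplicationException
{
    public DataAccessException(string message, Exception inner) : base(message, inner) { }
}

public class OrderData
{
    // Assumed source name; it must be registered (at install time, with
    // administrative rights) before the ASP.NET process account can write to it.
    private const string EventSource = "MyApp";

    public static int GetOrderCount(string connectionString, int customerId)
    {
        // Declared outside the try block so finally can always reach it.
        SqlConnection conn = new SqlConnection(connectionString);
        try
        {
            SqlCommand cmd = new SqlCommand("dbo.usp_GetOrderCount", conn); // assumed proc name
            cmd.CommandType = CommandType.StoredProcedure;
            cmd.Parameters.Add("@CustomerId", SqlDbType.Int).Value = customerId;
            conn.Open();
            return (int)cmd.ExecuteScalar();
        }
        catch (SqlException ex)
        {
            // Check 1: trap and log the full detail privately ...
            EventLog.WriteEntry(EventSource,
                "Order count query failed (error " + ex.Number + "): " + ex.Message,
                EventLogEntryType.Error);
            // ... then hand the caller a message that reveals nothing about the schema.
            throw new DataAccessException("Unable to retrieve the order count.", ex);
        }
        finally
        {
            // Check 2: runs on success, on exception and on early return. Close()
            // is safe even if Open() never succeeded, so the pooled connection
            // is always returned.
            conn.Close();
        }
    }
}
```

The third check is configuration rather than code: in Web.config, `<customErrors mode="On" defaultRedirect="GenericError.htm" />` sends browsers to a static page so that the DataAccessException message, let alone the underlying SqlException, is never rendered to the client.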

Deployment Considerations

  • Firewall restrictions ensure that only the SQL Server listening port is available on the database server.
  • A method for maintaining encrypted database connection strings is defined.
  • The application is configured to use a least-privileged database login.
  • SQL Server auditing is configured. Failed login attempts are logged at minimum.
  • Data privacy and integrity over the network is provided with IPSec or SSL.

© 2014 Microsoft. All rights reserved.