Secure Client Applications (ADO.NET)
Applications typically consist of many parts that must all be protected from vulnerabilities that could result in data loss or otherwise compromise the system. Creating secure user interfaces can prevent many problems by blocking attackers before they can access data or system resources.
When constructing an application that accesses data, you should assume that all user input is malicious until proven otherwise. Failure to do so can leave your application vulnerable to attack. The .NET Framework contains classes to help you enforce a domain of values for input controls, such as limiting the number of characters that can be entered. Event hooks allow you to write procedures to check the validity of values. User input data can be validated and strongly typed, limiting an application's exposure to script and SQL injection exploits.
You must validate user input at the data source as well as in the client application. An attacker may choose to circumvent your application and attack the data source directly.
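The two rules above (constrain and strongly type input on the client, and repeat the check at the data source) in code, as an added C# example that is not from the original page. The Customers table, its CustomerId and LastName columns, and the connection string are assumptions made for the example.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Text.RegularExpressions;

// Added example (not from the original page). Assumes a hypothetical
// dbo.Customers table with CustomerId (int) and LastName (nvarchar(50)).
public static class CustomerLookup
{
    private const int MaxLastNameLength = 50;

    // Allowed domain for a last name: letters, spaces, hyphens and apostrophes,
    // 1 to 50 characters. Enforce the same rule at the data source (for example
    // with a CHECK constraint) so a client that bypasses this code is still caught.
    private static readonly Regex LastNamePattern =
        new Regex(@"^[\p{L} '\-]{1,50}$", RegexOptions.Compiled);

    // Client-side validation: reject anything outside the domain rather than
    // trying to strip "bad" characters out of it.
    public static bool IsValidLastName(string input)
    {
        return !string.IsNullOrEmpty(input)
            && input.Length <= MaxLastNameLength
            && LastNamePattern.IsMatch(input);
    }

    // Vulnerable pattern, shown only for contrast: the user's text becomes part
    // of the SQL statement, so a quote or keyword in it changes the query.
    //   string sql = "SELECT ... WHERE LastName = '" + lastName + "'";
    //
    // Hardened pattern: the statement text is constant and the value travels
    // as a typed parameter, so it can only ever be compared as data.
    public static DataTable FindByLastName(string connectionString, string lastName)
    {
        if (!IsValidLastName(lastName))
        {
            throw new ArgumentException("Last name is outside the allowed domain.", nameof(lastName));
        }

        const string sql =
            "SELECT CustomerId, LastName FROM dbo.Customers WHERE LastName = @LastName";

        var table = new DataTable();
        using (var connection = new SqlConnection(connectionString))
        using (var command = new SqlCommand(sql, connection))
        {
            // Strongly typed, length-limited parameter: a value longer than 50
            // characters or of the wrong type is rejected by the provider, not
            // silently spliced into the query.
            command.Parameters.Add("@LastName", SqlDbType.NVarChar, MaxLastNameLength).Value = lastName;

            connection.Open();
            using (var reader = command.ExecuteReader())
            {
                table.Load(reader);
            }
        }
        return table;
    }
}
```

IsValidLastName is the client-side half of the rule; the data-source half is a matching CHECK constraint or stored procedure on the LastName column, so that a caller who skips the application and talks to the database directly is held to the same domain of values.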
ASP.NET applications generally need to restrict access to some portions of the Web site and provide other mechanisms for data protection and site security. These links provide useful information for securing your ASP.NET application.
An XML Web service provides data that can be consumed by an ASP.NET application, a Windows Forms application, or another Web service. You need to manage security for the Web service itself as well as security for the client application.
For more information, see the following resources.
Discusses how to secure ASP.NET applications.
Discusses how to implement security for an ASP.NET Web Service.
Discusses how to guard against a script exploit attack, which attempts to insert malicious characters into a Web page.
General security information and links to further discussion.
.NET remoting enables you to build widely distributed applications easily, whether the application components are all on one computer or spread out across the entire world. You can build client applications that use objects in other processes on the same computer or on any other computer that is reachable over its network. You can also use .NET remoting to communicate with other application domains in the same process.
Discusses how to configure remoting applications in order to avoid common problems.
Describes authentication and encryption as well as additional security topics relevant to remoting.
Describes security issues with protected objects and application domain crossing.