Securing ADO.NET Applications 

Writing a secure ADO.NET application involves more than avoiding common coding pitfalls. An application that accesses data has many potential points of failure that an attacker can exploit to retrieve, manipulate, or destroy sensitive data. It is important to understand all aspects of security, from threat modeling during the design phase of your application, through its eventual deployment, to its ongoing maintenance.

In This Section

Security Concepts

Describes basic considerations for securing ADO.NET applications.

Evaluating Security Threats

Describes threat modeling as an essential process when designing an ADO.NET application.

ADO.NET Secure Coding Guidelines

Provides recommendations for increasing the security of ADO.NET code.

Validating User Input

Demonstrates techniques for validating user input.

Application Security

Provides links to topics about securing different types of applications.

Securing Connection Strings

Demonstrates techniques for protecting information used to connect to a data source.

Code Access Security and ADO.NET

Describes how Code Access Security can help protect ADO.NET code.

Working with Secured Data Sources

Describes the implementation of database security and its effect on the overall security of an ADO.NET application.

Cryptography and Data Access

Describes techniques for increasing data security and integrity in .NET applications.

Related Sections

What's New in ADO.NET

Introduces features that are new in ADO.NET.

Overview of ADO.NET

Provides an introduction to the design and components of ADO.NET.

Using DataSets in ADO.NET

Describes how to create and use DataSets, typed DataSets, DataTables, and DataViews.

Connecting and Retrieving Data in ADO.NET

Describes how to connect to a data source and retrieve data, including DataReaders and DataAdapters.

Modifying Data in ADO.NET

Describes how to modify data in a database and how to use transactions.

Using the .NET Framework Data Provider for SQL Server

Describes how to work with features and functionality that are specific to SQL Server.

Using the .NET Framework Data Provider for Oracle

Describes features and behaviors that are specific to the .NET Framework Data Provider for Oracle.

Using SQL Server Common Language Runtime Integration

Describes how data can be accessed from within a common language runtime (CLR) database object in SQL Server 2005.

Writing Provider Independent Code in ADO.NET

Describes generic classes that allow you to write provider-independent code in ADO.NET.

Performing General Tasks in ADO.NET

Describes how to use various general-purpose features of ADO.NET.

Finding Additional ADO.NET Information

Provides links to additional online information about ADO.NET.
