Securing ADO.NET Applications


Writing a secure ADO.NET application involves more than avoiding common coding pitfalls such as not validating user input. An application that accesses data has many potential points of failure that an attacker can exploit to retrieve, manipulate, or destroy sensitive data. It is therefore important to understand all aspects of security, from the process of threat modeling during the design phase of your application, to its eventual deployment and ongoing maintenance.

The .NET Framework provides many useful classes, services, and tools for securing and administering database applications. The common language runtime (CLR) provides a type-safe environment for code to run in, with code access security (CAS) to restrict further the permissions of managed code. Following secure data access coding practices limits the damage that can be inflicted by a potential attacker.

Writing secure code does not guard against self-inflicted security holes when working with unmanaged resources such as databases. Most server databases, such as SQL Server, have their own security systems, which enhance security when implemented correctly. However, even a data source with a robust security system can be victimized in an attack if it is not configured appropriately.

In This Section

Security Overview 

Provides recommendations for designing secure ADO.NET applications.

Secure Data Access 

Describes how to work with data from a secured data source.

Secure Client Applications 

Describes security considerations for client applications.

Code Access Security and ADO.NET

Describes how CAS can help protect ADO.NET code. Also discusses how to work with partial trust.

Privacy and Data Security 

Describes encryption options for ADO.NET applications.

Related Sections

SQL Server Security

Describes SQL Server security features from a developer's perspective.

Security Considerations (Entity Framework)

Describes security for Entity Framework applications.

Security in the .NET Framework 

Contains links to topics describing all aspects of security in the .NET Framework.

Security Tools 

.NET Framework tools for securing and administering security policy.

Resources for Creating Secure Applications

Provides links to topics for creating secure applications.

Security Bibliography  

Provides links to external resources available online and in print.