Securing ADO.NET Applications
Writing a secure ADO.NET application involves more than avoiding common coding pitfalls. An application that accesses data has many potential points of failure that an attacker can exploit to retrieve, manipulate or destroy sensitive data. It is important to understand all aspects of security, from threat modeling during the design phase of your application, through its eventual deployment, to its ongoing maintenance.
In This Section
- Security Concepts
Describes basic considerations for securing ADO.NET applications.
- Evaluating Security Threats
Describes threat modeling as an essential process when designing an ADO.NET application.
- ADO.NET Secure Coding Guidelines
Provides recommendations for increasing the security of ADO.NET code.
- Validating User Input
Demonstrates techniques for validating user input.
- Application Security
Provides links to topics about securing different types of applications.
- Securing Connection Strings
Demonstrates techniques for protecting information used to connect to a data source.
- Code Access Security and ADO.NET
Describes how Code Access Security can help protect ADO.NET code.
- Working with Secured Data Sources
Describes the implementation of database security and its effect on the overall security of an ADO.NET application.
- Cryptography and Data Access
Describes techniques for increasing data security and integrity in .NET applications.
Related Sections
- What's New in ADO.NET
Introduces features that are new in ADO.NET.
- Overview of ADO.NET
Provides an introduction to the design and components of ADO.NET.
- Using DataSets in ADO.NET
Describes how to create and use DataSets, typed DataSets, DataTables, and DataViews.
- Connecting and Retrieving Data in ADO.NET
Describes how to connect to a data source and retrieve data, including DataReaders and DataAdapters.
- Modifying Data in ADO.NET
Describes how to modify data in a database and how to use transactions.
- Using the .NET Framework Data Provider for SQL Server
Describes how to work with features and functionality that are specific to SQL Server.
- Using the .NET Framework Data Provider for Oracle
Describes features and behaviors that are specific to the .NET Framework Data Provider for Oracle.
- Using SQL Server Common Language Runtime Integration
Describes how data can be accessed from within a common language runtime (CLR) database object in SQL Server 2005.
- Writing Provider Independent Code in ADO.NET
Describes generic classes that allow you to write provider-independent code in ADO.NET.
- Performing General Tasks in ADO.NET
Describes how to use various general-purpose features of ADO.NET.
- Finding Additional ADO.NET Information
Provides links to additional online information about ADO.NET.