Securing ADO.NET applications

Writing a secure ADO.NET application involves more than avoiding common coding pitfalls such as not validating user input. An application that accesses data has many potential points of failure that an attacker can exploit to retrieve, manipulate, or destroy sensitive data. It is therefore important to understand all aspects of security, from the process of threat modeling during the design phase of your application, to its eventual deployment and ongoing maintenance.

The .NET Framework provides many useful classes, services, and tools for securing and administering database applications. The common language runtime (CLR) provides a type-safe environment for code to run in, with code access security (CAS) to restrict further the permissions of managed code. Following secure data access coding practices limits the damage that can be inflicted by a potential attacker.

Writing secure code does not guard against self-inflicted security holes when working with unmanaged resources such as databases. Most server databases, such as SQL Server, have their own security systems, which enhance security when implemented correctly. However, even a data source with a robust security system can be victimized in an attack if it is not configured appropriately.

In this section

Security Overview
Provides recommendations for designing secure ADO.NET applications.

Secure Data Access
Describes how to work with data from a secured data source.

Secure Client Applications
Describes security considerations for client applications.

Code Access Security and ADO.NET
Describes how CAS can help protect ADO.NET code. Also discusses how to work with partial trust.

Privacy and Data Security
Describes encryption options for ADO.NET applications.

DataSet and DataTable security guidance
Provides security guidance for DataSet and DataTable.

SQL Server Security
Describes SQL Server security features from a developer's perspective.

Security Considerations
Describes security for Entity Framework applications.

Contains links to articles describing all aspects of security in .NET.

Security Tools
.NET Framework tools for securing and administering security policy.

Resources for Creating Secure Applications
Provides links to articles for creating secure applications.

Security Bibliography
Provides links to external resources available online and in print.

See also