Securing ADO.NET Applications

Writing a secure ADO.NET application involves more than avoiding common coding pitfalls such as not validating user input. An application that accesses data has many potential points of failure that an attacker can exploit to retrieve, manipulate, or destroy sensitive data. It is therefore important to understand all aspects of security, from the process of threat modeling during the design phase of your application, to its eventual deployment and ongoing maintenance.

The .NET Framework provides many useful classes, services, and tools for securing and administering database applications. The common language runtime (CLR) provides a type-safe environment for code to run in, with code access security (CAS) to restrict further the permissions of managed code. Following secure data access coding practices limits the damage that can be inflicted by a potential attacker.

Writing secure code does not guard against self-inflicted security holes when working with unmanaged resources such as databases. Most server databases, such as SQL Server, have their own security systems, which enhance security when implemented correctly. However, even a data source with a robust security system can be victimized in an attack if it is not configured appropriately.

In This Section

• Security Overview (ADO.NET)
  Provides recommendations for designing secure ADO.NET applications.

• Secure Data Access (ADO.NET)
  Describes how to work with data from a secured data source.

• Secure Client Applications (ADO.NET)
  Describes security considerations for client applications.

• Code Access Security and ADO.NET
  Describes how CAS can help protect ADO.NET code. Also discusses how to work with partial trust.

• Privacy and Data Security (ADO.NET)
  Describes encryption options for ADO.NET applications.

Related Sections

• SQL Server Security (ADO.NET)
  Describes SQL Server security features from a developer's perspective.

• Security Considerations (Entity Framework)
  Describes security for Entity Framework applications.

• Security in the .NET Framework
  Contains links to topics describing all aspects of security in the .NET Framework.

• Security Tools
  .NET Framework tools for securing and administering security policy.

• Resources for Creating Secure Applications
  Provides links to topics for creating secure applications.

• Security Bibliography
  Provides links to external resources available online and in print.

See Also

Other Resources

ADO.NET

ADO.NET Managed Providers and DataSet Developer Center