Chapter 12. Data Access Security

This chapter covers key data access security issues and solutions. Some relate to the use of SQL Server while others apply to any data store. Read this chapter to help you:

  • Choose between Microsoft® Windows® operating system authentication and SQL authentication when connecting to SQL Server™.

  • Store connection strings securely.

  • Decide whether to flow the original caller’s security context through to the database.

  • Take advantage of connection pooling.

  • Protect against SQL injection attacks.

  • Store credentials securely within a database.

The chapter also presents various trade-offs that relate to the use of roles, for example, roles in the database versus role logic applied in the middle tier. Finally, a set of core recommendations ...
