ADO.NET AND STORED PROCEDURES
- Swetha Kulkarni
ADO.NET Architecture (diagram)
RDBMS <-> ADO.NET Provider <-> Application (DataSet)
Providers and the namespaces that implement them:
  SqlClient      System.Data.SqlClient
  OracleClient   System.Data.OracleClient
  OleDb          System.Data.OleDb
  ODBC           System.Data.Odbc
  SqlServerCE    System.Data.SqlServerCe
(diagram) The provider's Connection object is the link between the RDBMS and the application.
(diagram) A DataAdapter uses the Connection to move rows between the RDBMS and the DataTables held in the application's DataSet; the diagram shows two DataAdapters, each filling its own DataTable.
ADO.NET Objects
  System.Data    Contains the "main" classes of ADO.NET
  DataSet        In-memory cache of data
  DataTable      In-memory cache of a database table
  DataRow        Used to manipulate a row in a DataTable
  DataColumn     Used to define the columns in a DataTable
  DataRelation   Used to relate 2 DataTables to each other
Benefits of Stored Procedures
• Stored procedures pass less information over the network on the initial request (the procedure name and its parameter values rather than the full SQL text), so requests can be faster
• Parameterized stored procedures that validate all user input can be used to thwart SQL injection attacks. The protection comes from passing values as typed parameters; a procedure that concatenates its parameters into dynamic SQL and runs it with EXEC is just as injectable as string building in the client
• Errors can be handled in procedure code without being passed directly to client applications
• Stored procedures can be written once and accessed by many applications
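The injection point described above, shown as an added example (not code from the slides): the concatenated query beside the parameterized stored-procedure call. The table dbo.Customers and the procedure dbo.usp_GetCustomersByCity are hypothetical names chosen for the example.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Added example. Assumes a hypothetical table dbo.Customers(Id, Name, City) and a
// hypothetical stored procedure with one typed parameter:
//
//   CREATE PROCEDURE dbo.usp_GetCustomersByCity @City nvarchar(50)
//   AS
//   BEGIN
//       SET NOCOUNT ON;
//       SELECT Id, Name FROM dbo.Customers WHERE City = @City;
//   END
//
// The parameter only protects you while the procedure treats @City as data. A body such as
//   EXEC('SELECT Id, Name FROM dbo.Customers WHERE City = ''' + @City + '''')
// re-creates the injection on the server; if dynamic SQL is unavoidable, pass the value
// through sp_executesql's parameter list instead of concatenating it.
public static class CustomerQueries
{
    // VULNERABLE: the caller's string becomes part of the SQL text.
    //   city = "' OR 1=1 --"                     returns every customer
    //   city = "'; DROP TABLE dbo.Customers; --" runs a second statement
    public static DataTable GetByCityUnsafe(string connectionString, string city)
    {
        var table = new DataTable();
        string sql = "SELECT Id, Name FROM dbo.Customers WHERE City = '" + city + "'";
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        using (var adapter = new SqlDataAdapter(cmd))
        {
            adapter.Fill(table);   // Fill opens and closes the connection itself
        }
        return table;
    }

    // SAFE: only the procedure name is sent as SQL text; the city travels as a typed
    // nvarchar(50) parameter and is compared as data, never parsed as SQL.
    public static DataTable GetByCitySafe(string connectionString, string city)
    {
        var table = new DataTable();
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand("dbo.usp_GetCustomersByCity", conn))
        using (var adapter = new SqlDataAdapter(cmd))
        {
            cmd.CommandType = CommandType.StoredProcedure;
            cmd.Parameters.Add("@City", SqlDbType.NVarChar, 50).Value = city;
            adapter.Fill(table);
        }
        return table;
    }
}
```

With GetByCitySafe the input `' OR 1=1 --` simply matches no city; the declared nvarchar(50) length also means an over-long value is truncated or rejected by the parameter rather than reaching the parser.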
Security Overview – ADO.NET
Design for Security
• Threat Modeling
• The Principle of Least Privilege
Authentication
• If possible, use Windows authentication, so no password appears in the connection string:

    SqlConnection pubsConn = new SqlConnection(
        "server=dbserver; database=pubs; Integrated Security=SSPI;");

• If you use SQL authentication, use strong passwords and a dedicated low-privilege login. The following string is the pattern to avoid: it logs in as the built-in sa administrator with an empty password:

    string sqlConnectionString =
        @"Server=YourServer\Instance; Database=YourDatabase; uid=sa; pwd=;";

• Consider which identity to use to connect to the database
• Ownership chain: when a stored procedure and the tables it reads have the same owner, the caller needs permission only on the procedure, not on the underlying tables
Authorization
• Restrict unauthorized code
• Restrict application access to the database
Configuration and Connection Strings
• Avoid credentials in connection strings
• Store encrypted connection strings in configuration files. The string lives in the <connectionStrings> section of web.config or app.config, and the section is encrypted on disk with ASP.NET protected configuration (aspnet_regiis -pe "connectionStrings"), which ConfigurationManager decrypts transparently:

    <connectionStrings>
      <add name="MyDatabaseConnection"
           connectionString="Persist Security Info=False;Integrated Security=SSPI;database=Northwind;server=(local);"
           providerName="System.Data.SqlClient" />
    </connectionStrings>

• Do not use Persist Security Info="true" or "yes": with it set, the password can be read back from the ConnectionString property of an open connection
• Avoid connection strings constructed with user input
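The Authentication and Configuration points above, as an added example (not code from the slides): Windows authentication built with SqlConnectionStringBuilder, the string read from configuration, and a user-supplied value placed into a connection string without concatenation. MyDatabaseConnection, the tenant database scenario and the method names are assumptions made for the example.

```csharp
using System;
using System.Configuration;            // reference System.Configuration.dll
using System.Data.SqlClient;
using System.Text.RegularExpressions;

// Added example; names and the tenant scenario are hypothetical.
public static class SafeConnectionStrings
{
    // Preferred: Windows authentication, so there is no secret in the string and
    // nothing for Persist Security Info to leak.
    public static string ForWindowsAuth(string server, string database)
    {
        var b = new SqlConnectionStringBuilder
        {
            DataSource = server,
            InitialCatalog = database,
            IntegratedSecurity = true,
            PersistSecurityInfo = false
        };
        return b.ConnectionString;
    }

    // Read the string from <connectionStrings> rather than hard-coding it. With the
    // section protected by aspnet_regiis -pe the file on disk is encrypted and
    // ConfigurationManager hands back the plaintext.
    public static string FromConfig(string name)
    {
        ConnectionStringSettings s = ConfigurationManager.ConnectionStrings[name];
        if (s == null)
            throw new InvalidOperationException("No connection string named '" + name + "' is configured.");
        return s.ConnectionString;
    }

    // Why concatenation is dangerous: SqlClient takes the LAST occurrence of a repeated
    // keyword, so base + ";Database=" + userInput with
    //   userInput = "x;Integrated Security=false;User ID=sa;Password=guess"
    // silently switches the authentication mode and login.
    // Two layers instead: an allow-list on the value, then the builder, which quotes a
    // value containing ';' so it stays a single Initial Catalog value.
    private static readonly Regex SafeName = new Regex(@"^[A-Za-z][A-Za-z0-9_]{0,127}$");

    public static string ForTenant(string baseConnectionString, string tenantDatabase)
    {
        if (!SafeName.IsMatch(tenantDatabase))
            throw new ArgumentException("Invalid database name.", "tenantDatabase");

        var b = new SqlConnectionStringBuilder(baseConnectionString);
        b.InitialCatalog = tenantDatabase;

        // Belt and braces: parse the result back and confirm only the catalog changed.
        var check = new SqlConnectionStringBuilder(b.ConnectionString);
        if (check.InitialCatalog != tenantDatabase || check.PersistSecurityInfo)
            throw new InvalidOperationException("Connection string was altered unexpectedly.");
        return b.ConnectionString;
    }
}
```

If SQL authentication is unavoidable, set UserID and Password through the same builder from a secret read at runtime; the string should never appear in source control or in an unencrypted configuration file.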
Exception Management
• Use finally blocks to make sure that database connections are closed
• Consider employing the using statement to make sure that database connections are closed
• Avoid propagating ADO.NET exceptions to users
• In ASP.NET, use a generic error page and log exceptions on the server
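The four exception-management points above combined in one added example (not code from the slides): a query wrapped in using blocks, the equivalent explicit finally block, the SqlException detail written to a server-side log, and a generic exception handed to the caller. The table dbo.Orders, the DataAccessException type and the Trace listener configuration are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Diagnostics;

// Added example; dbo.Orders and DataAccessException are hypothetical.
public class DataAccessException : Exception
{
    public DataAccessException(string message, Exception inner) : base(message, inner) { }
}

public static class OrderRepository
{
    // 'using' compiles to try/finally { Dispose() }, and Dispose() closes the connection,
    // so it is returned to the pool on success, on a SqlException and on a timeout alike.
    public static int CountOrders(string connectionString, int customerId)
    {
        try
        {
            using (var conn = new SqlConnection(connectionString))
            using (var cmd = new SqlCommand(
                "SELECT COUNT(*) FROM dbo.Orders WHERE CustomerId = @CustomerId", conn))
            {
                cmd.Parameters.Add("@CustomerId", SqlDbType.Int).Value = customerId;
                conn.Open();
                return (int)cmd.ExecuteScalar();
            }
        }
        catch (SqlException ex)
        {
            // Everything useful to an attacker (error number, procedure, line number,
            // server name, fragments of the SQL in the message) goes to the server log...
            foreach (SqlError e in ex.Errors)
                Trace.TraceError("SqlError {0} severity {1} in {2} line {3}: {4}",
                    e.Number, e.Class, e.Procedure, e.LineNumber, e.Message);

            // ...and the caller gets a message that reveals nothing about the schema.
            // The inner exception is kept for server-side logging only; never render it.
            throw new DataAccessException("The order count could not be retrieved.", ex);
        }
    }

    // The same close-on-every-path guarantee written with an explicit finally block,
    // for code that cannot use 'using' (pair it with the same catch as above).
    public static int CountOrdersWithFinally(string connectionString, int customerId)
    {
        SqlConnection conn = null;
        try
        {
            conn = new SqlConnection(connectionString);
            var cmd = new SqlCommand(
                "SELECT COUNT(*) FROM dbo.Orders WHERE CustomerId = @CustomerId", conn);
            cmd.Parameters.Add("@CustomerId", SqlDbType.Int).Value = customerId;
            conn.Open();
            return (int)cmd.ExecuteScalar();
        }
        finally
        {
            if (conn != null) conn.Close();   // runs even when Open or ExecuteScalar throws
        }
    }
}
```

In an ASP.NET application the DataAccessException is then caught by the page's error handling or by Application_Error, which logs it and lets <customErrors mode="RemoteOnly" defaultRedirect="~/Error.aspx" /> show the generic page to remote users while developers on the server still see the detail.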
Secure Data Access
• Authentication, Authorization and Permissions
• Parameterized Commands and SQL Injection
• Script Exploits
• Probing Attacks
Privacy and Data Security
• Cryptography and Hash Codes
• Encrypting Configuration Files
• Securing String Values in Memory
Best Practices – Stored Procedures
• Grant EXECUTE permission on the procedures to database roles, not to individual users
• Revoke or deny all permissions on the underlying tables for all roles and users in the database; when the procedure and the tables have the same owner, ownership chaining means the caller needs only EXECUTE on the procedure
• Do not add application users or roles to the sysadmin server role or the db_owner database role
• Disable the guest user in the application database (REVOKE CONNECT FROM guest). This prevents logins that have no user mapped in that database from accessing it through guest. (The guest user cannot be disabled in master, tempdb or msdb.)
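The four practices above applied and then verified from ADO.NET, as an added example (not code from the slides). The role app_role, the database user app_user, dbo.usp_GetCustomersByCity and dbo.Customers are hypothetical names; the script must run under a deployment identity that owns the database, never under the application's identity.

```csharp
using System;
using System.Data.SqlClient;

// Added example; all principal and object names are hypothetical.
public static class StoredProcedureLockdown
{
    // ALTER ROLE ... ADD MEMBER needs SQL Server 2012 or later; use sp_addrolemember on
    // older versions. REVOKE CONNECT FROM guest works in user databases only.
    private const string LockdownScript = @"
IF DATABASE_PRINCIPAL_ID('app_role') IS NULL
    CREATE ROLE app_role;
ALTER ROLE app_role ADD MEMBER app_user;
GRANT EXECUTE ON OBJECT::dbo.usp_GetCustomersByCity TO app_role;
DENY SELECT, INSERT, UPDATE, DELETE ON OBJECT::dbo.Customers TO app_role;
REVOKE CONNECT FROM guest;";

    // Impersonate the application user and ask the engine what it may do. Because the
    // procedure and the table are both owned by dbo, the ownership chain lets the
    // procedure read the table even though the role is denied direct access to it.
    private const string VerifyScript = @"
EXECUTE AS USER = 'app_user';
SELECT HAS_PERMS_BY_NAME('dbo.usp_GetCustomersByCity', 'OBJECT', 'EXECUTE') AS CanExecProc,
       HAS_PERMS_BY_NAME('dbo.Customers', 'OBJECT', 'SELECT') AS CanSelectTable;
REVERT;";

    public static void Apply(string adminConnectionString)
    {
        using (var conn = new SqlConnection(adminConnectionString))
        {
            conn.Open();
            // Permission DDL is transactional in SQL Server: a failed check undoes all of it.
            using (var tx = conn.BeginTransaction())
            {
                using (var cmd = new SqlCommand(LockdownScript, conn, tx))
                    cmd.ExecuteNonQuery();

                bool canExec, canSelect;
                using (var cmd = new SqlCommand(VerifyScript, conn, tx))
                using (var reader = cmd.ExecuteReader())
                {
                    reader.Read();
                    canExec = reader.GetInt32(0) == 1;
                    canSelect = reader.GetInt32(1) == 1;
                }

                // Expected state: EXECUTE on the procedure, no SELECT on the table.
                if (!canExec || canSelect)
                {
                    tx.Rollback();
                    throw new InvalidOperationException(
                        "Lockdown check failed: EXECUTE=" + canExec + ", SELECT on table=" + canSelect);
                }
                tx.Commit();
            }
        }
    }
}
```

The verification step is the part worth keeping in a deployment pipeline: a later GRANT SELECT to app_role, or a procedure recreated under a different owner (which breaks the chain and makes the procedure fail for the role), shows up as a failed check rather than as a surprise in production.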
References
• http://www.guidanceshare.com/wiki/ADO.NET_2.0_Security_Guidelines
• http://msdn.microsoft.com/en-us/library/ms971481.aspx
• http://msdn.microsoft.com/en-us/library/bb669058.aspx
Thank You