G
Guest
What's the best way of having a .NET application interact with SQL server
without compromising security? Here's my issue:
Let's say you want a user to be able to read, write, and delete records from
a SQL Server table. It's simple enough to give the user logon credentials on
SQL Server allowing them to do just that. Then, a .NET application can use
those credentials to consume the data. But let's say that same user has some
saavy and uses his/her credentials with SQL Server Management Studio for the
purposes of evil?
Alternatively, you could use your own credentials to logon to the SQL Server
from within the application preventing the user from using a tool like SSMS.
However, then you're storing your credentials within application code which
could be dissected and recovered (unless obfuscated).
Or maybe write a "middle tier" that alone interacts with the SQL Server. The
application would only have to leverage the middle tier's own security scheme
and not SQL Servers.
What's the best way?
without compromising security? Here's my issue:
Let's say you want a user to be able to read, write, and delete records from
a SQL Server table. It's simple enough to give the user logon credentials on
SQL Server allowing them to do just that. Then, a .NET application can use
those credentials to consume the data. But let's say that same user has some
saavy and uses his/her credentials with SQL Server Management Studio for the
purposes of evil?
Alternatively, you could use your own credentials to logon to the SQL Server
from within the application preventing the user from using a tool like SSMS.
However, then you're storing your credentials within application code which
could be dissected and recovered (unless obfuscated).
Or maybe write a "middle tier" that alone interacts with the SQL Server. The
application would only have to leverage the middle tier's own security scheme
and not SQL Servers.
What's the best way?