ADO.NET Security Recommendations

ADO.NET Security Recommendations concentrates on the following areas:

          Authentication Modes
          Connection String Options

Authentication Modes
Use Windows Authentication over SQL Authentication

1. Security is easier to manage.

2. User names and passwords are not needed in connection strings.

3. Logon security improves through password expiration periods, minimum lengths and account lockout after multiple invalid logon requests.

4. Passwords are not sent as clear text over the network.


          Avoid impersonation in the middle tier for better connection pooling.

          Consider two accounts for impersonation: one account for reads and the other for writes.

          Windows Authentication takes longer to open a pooled connection than SQL Authentication.


Connection String Options


          Connection strings can be stored in:

1. XML configuration files

2. UDL files for the OLE DB provider

3. The COM+ catalog for serviced components

4. The Windows registry

5. Custom files


          Use Windows Authentication: it does not require a password to be stored.

          Encrypt connection strings stored in XML configuration files.

          Access to a connection string stored in the registry can be restricted by using ACLs and by encrypting the data.

          Set Persist Security Info to false to prevent security-sensitive details, such as the password, from being returned by means of the ConnectionString property of SqlConnection or OleDbConnection.
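Both recommendations above, preferring Windows Authentication over embedded SQL credentials and setting Persist Security Info to false, shown in working C# (an added example, not code from the original page; the server name SQLSRV01, database Orders and account app_reader are assumed placeholders):

```csharp
// Added example, not code from the original page: the two connection-string
// styles the text compares and the effect of Persist Security Info=false.
// Server, database and account names are assumed placeholders.
using System;
using System.Data.SqlClient;

static class ConnectionStringDemo
{
    // Windows (integrated) authentication: no user name or password in the string.
    public static string BuildIntegrated(string server, string database)
    {
        var b = new SqlConnectionStringBuilder {
            DataSource = server, InitialCatalog = database,
            IntegratedSecurity = true, PersistSecurityInfo = false };
        return b.ConnectionString;
    }
    // SQL authentication: credentials must be embedded, which the text advises against.
    public static string BuildSqlAuth(string server, string database, string user, string pwd)
    {
        var b = new SqlConnectionStringBuilder {
            DataSource = server, InitialCatalog = database,
            UserID = user, Password = pwd, PersistSecurityInfo = false };
        return b.ConnectionString;
    }
    // Check a string before it is written to a config file, log or trace.
    public static bool EmbedsPassword(string connectionString)
    {
        var b = new SqlConnectionStringBuilder(connectionString);
        return !b.IntegratedSecurity && b.Password.Length > 0;
    }
    // Needs a reachable server, so Main does not call it. With Persist Security
    // Info=false the provider drops the Password keyword from ConnectionString
    // once the connection is open, so the value read back is safe to log.
    public static string OpenAndReadBack(string connectionString)
    {
        using (var conn = new SqlConnection(connectionString))
        {
            conn.Open();
            return conn.ConnectionString;
        }
    }
    static void Main()
    {
        string integrated = BuildIntegrated("SQLSRV01", "Orders");
        string sqlAuth = BuildSqlAuth("SQLSRV01", "Orders", "app_reader", "PLACEHOLDER");
        Console.WriteLine("Integrated embeds password: " + EmbedsPassword(integrated));
        Console.WriteLine("SQL auth embeds password: " + EmbedsPassword(sqlAuth));
    }
}
```

EmbedsPassword is the kind of check to run on any connection string before it is written to one of the storage locations listed above; only the SQL Authentication string fails it.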
