General Security Considerations
Use only trusted data source providers
Encrypt the connection to protect sensitive data
Secure the connection string
Run applications with minimum permissions
Do not install untrusted applications
Restrict access to configuration files
For Queries
Prevent SQL Injection attacks
Prevent very large result sets
Avoid returning IQueryable results when exposing methods to clients
For Entities
Do not share an ObjectContext across application domains
Prevent type safety violations
Handle exceptions
For ADO.NET metadata
Do not expose sensitive information through logging
Do not accept MetadataWorkspace objects from untrusted sources
http://msdn.microsoft.com/en-us/library/vstudio/cc716760%28v=vs.100%29.aspx