Wednesday, January 1, 2014

Security Considerations for Entity Framework

General Security Considerations

Use only trusted data source providers
Encrypt the connection to protect sensitive data
Secure the connection string
Run applications with minimum permissions
Do not install untrusted applications
Restrict access to configuration files

For Queries

Prevent SQL Injection attacks
Prevent very large result sets
Avoid returning IQueryable results when exposing methods to clients
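
The three query items above, shown together as an added example (not code from the original post or from MSDN). It assumes EF 4's ObjectContext API, a hypothetical `Customer` entity mapped to an entity set named `Customers`, and a context whose DefaultContainerName is set so that name resolves.

```csharp
using System;
using System.Collections.Generic;
using System.Data.Objects;   // EF 4 ObjectContext API (System.Data.Entity.dll)
using System.Linq;

// Hypothetical entity; assumed to be mapped in the model behind the ObjectContext.
public class Customer
{
    public int Id { get; set; }
    public string LastName { get; set; }
}

public static class CustomerQueries
{
    private const int MaxRows = 100; // constructed cap on rows returned per call

    // Weak form: user input is concatenated into Entity SQL, so it is parsed as
    // query text, and the caller receives a composable, unbounded query.
    public static IQueryable<Customer> FindUnsafe(ObjectContext context, string lastName)
    {
        return context.CreateQuery<Customer>(
            "SELECT VALUE c FROM Customers AS c WHERE c.LastName = '" + lastName + "'");
    }

    // Hardened form: input travels as an ObjectParameter, the row count is capped,
    // and the query is executed here so clients get data, not an IQueryable.
    public static List<Customer> FindSafe(ObjectContext context, string lastName)
    {
        // ObjectParameter rejects a null value, so fail early with a clear error.
        if (lastName == null) throw new ArgumentNullException("lastName");

        ObjectQuery<Customer> query = context.CreateQuery<Customer>(
            "SELECT VALUE c FROM Customers AS c WHERE c.LastName = @lastName",
            new ObjectParameter("lastName", lastName));

        return query
            .OrderBy(c => c.Id)   // stable order so the cap is deterministic
            .Take(MaxRows)        // bound the result set
            .ToList();            // execute now; nothing composable leaves this method
    }
}
```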


For Entities

Do not share an ObjectContext across application domains
Prevent type safety violations
Handle exceptions

For ADO.NET metadata

Do not expose sensitive information through logging
Do not accept MetadataWorkspace objects from untrusted sources
 
 
http://msdn.microsoft.com/en-us/library/vstudio/cc716760%28v=vs.100%29.aspx


Software Architect at Surge Global/ Certified Scrum Master

Experienced in Product Design, Software Engineering, Team management and Practicing Agile methodologies.
