tastydew

Reputation: 697

Security practices for SQL Server & C# with limited database access

I have a project that I am working on that is essentially a self-service database restoration / backup tool for client machines that run a database locally on their machines and contain sensitive information. Due to the nature of the business and the number of clients we have, I simply cannot create stored procedures to use on the database with the program I am creating.

I am aware that using raw SQL statements in string format is highly susceptible to injection attacks. But with limited access to a database (essentially just to restore and back-up the database) I am asking what is the most effective and secure method to run these commands without compromising security?

Clients would simply choose the option "restore" or "backup" and the backup would only create a full copy-only backup of the database. The file location for both the backup and the restore would be set in the code and be unmodifiable.

Upvotes: 0

Views: 68

Answers (1)

paparazzo

Reputation: 45096

Then just use parameterized queries.

Upvotes: 1
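
An added example, not code from either poster: one way to apply the answer to the backup/restore tool in the question. The client's choice only selects one of two constant statements, and the database name and file path travel as parameters, which `BACKUP DATABASE` and `RESTORE DATABASE` accept as variables. `ClientDb`, the backup path, the `BackupTool` and `DbOperation` names, and the use of `WITH REPLACE` are assumptions for illustration.

```csharp
using System;
using System.Data;
using Microsoft.Data.SqlClient; // assumption: System.Data.SqlClient exposes the same types

public enum DbOperation { Backup, Restore }

public static class BackupTool
{
    // Hypothetical values; the question says the location is fixed in code.
    private const string DatabaseName = "ClientDb";
    private const string BackupPath = @"C:\Backups\ClientDb.bak";

    // The only statements the tool can ever send. The user's choice picks
    // one of them through the enum and is never concatenated into SQL text.
    // INIT overwrites earlier backup sets in the same file.
    private const string BackupSql =
        "BACKUP DATABASE @db TO DISK = @path WITH COPY_ONLY, INIT;";
    // REPLACE (an assumption here) lets the restore overwrite the existing database.
    private const string RestoreSql =
        "RESTORE DATABASE @db FROM DISK = @path WITH REPLACE;";

    public static string SqlFor(DbOperation op) => op switch
    {
        DbOperation.Backup => BackupSql,
        DbOperation.Restore => RestoreSql,
        // Rejects any value that is not one of the two defined operations.
        _ => throw new ArgumentOutOfRangeException(nameof(op))
    };

    // The connection string should point at master: a restore cannot run
    // from a session that is using the database being restored.
    public static void Run(DbOperation op, string masterConnectionString)
    {
        using var conn = new SqlConnection(masterConnectionString);
        using var cmd = new SqlCommand(SqlFor(op), conn);
        cmd.CommandTimeout = 0; // backups can exceed the 30-second default
        // Values are sent as typed parameters, separate from the statement.
        cmd.Parameters.Add("@db", SqlDbType.NVarChar, 128).Value = DatabaseName;
        cmd.Parameters.Add("@path", SqlDbType.NVarChar, 260).Value = BackupPath;
        conn.Open();
        cmd.ExecuteNonQuery();
    }
}
```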
