user559142

Reputation: 12517

Security Behind Linq to SQL

I'm new at Visual C# and the .NET framework but have a fair amount of experience in LAMP development. I was wondering about the security of LINQ to SQL communication.

Usually when doing it the LAMP way, measures such as using a service layer were used partially to increase the security of the system, not exposing the database authentication details over HTTP.

Having gone through a few recommended (by Microsoft) linq->sql tutorials, it seems as if the client-side application (through a web application) is interacting directly with the database. This doesn't seem very efficient or secure....

I would like to know the following things:

1) What measures exist in .NET to allow for secure communication between client-side and server side apps?

2) Are there any preinstalled service-layer frameworks to work with in .NET?

3) Is it possible to manually use HTTP request methods (POST/GET) in order to send data from a C# web application to a remote SQL Server database?

Upvotes: 2

Views: 783

Answers (2)

Jon Hanna

Reputation: 113242

You could refer to a LINQ system as a "client" in relation to the database, but that would be like referring to the PHP part of a LAMP application as the "client" in relation to the database - completely true but slightly misleading. In terms of the overall client - the browser - LINQ no more exposes authentication details than LAMP does.

  1. Which "client" do you mean here? In terms of the browser, the main mechanism is that the browser doesn't know what on earth you are doing. It won't even know it is LINQ unless you're the sort of person who likes putting "Powered by..." images on your webpage. In terms of the client to the database, there are several authentication models (user/pass, NTLM, Kerberos and I think some more) and you can use SSL and IPSec on the connection between the webserver and the database server.

  2. You mean like MVC and WCF?

  3. Yes, there has been since SQL2000, see http://msdn.microsoft.com/en-us/library/aa226553%28v=sql.80%29.aspx though I don't think it's very popular. This has nothing to do with LINQ, which would connect to SQL through 1433 using its native protocol, and perhaps be used to build a website that allowed restricted operations rather than manual manipulation of server over HTTP.

Upvotes: 0

shrutyzet

Reputation: 529

In an ASP.NET application all the C# code you write is executed on the server (server-side), and after it is executed the page is sent to the client (browser). Client-side code refers to JavaScript. Database details are not sent to the client.

Upvotes: 2
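The arrangement both answers describe, as an added example that is not from either answer: LINQ to SQL code running on the web server, connecting to SQL Server with Windows authentication over an encrypted connection, and handing back only the query result for the page. The `Products` table, the host `db.internal.example`, the database `Shop` and the `ProductService` class are assumptions, and the code expects a reachable SQL Server.

```csharp
using System;
using System.Data.Linq;
using System.Data.Linq.Mapping;
using System.Data.SqlClient;
using System.Linq;

// Hypothetical table mapping; the table and column names are assumptions.
[Table(Name = "Products")]
public class Product
{
    [Column(IsPrimaryKey = true)] public int Id;
    [Column] public string Name;
    [Column] public decimal Price;
}

public static class ProductService
{
    // Built and used only on the web server; it is never rendered into a page.
    static string BuildConnectionString()
    {
        var builder = new SqlConnectionStringBuilder
        {
            DataSource = "db.internal.example", // placeholder host
            InitialCatalog = "Shop",            // placeholder database
            IntegratedSecurity = true,          // Windows auth (NTLM/Kerberos), no password stored
            Encrypt = true,                     // encrypt web server <-> SQL Server traffic
            TrustServerCertificate = false      // require a certificate that validates
        };
        return builder.ConnectionString;
    }

    // Called by a page or controller; browser input arrives as a plain string.
    public static string[] FindNames(string prefix)
    {
        using (var db = new DataContext(BuildConnectionString()))
        {
            // LINQ to SQL sends 'prefix' as a SQL parameter, not as concatenated text.
            return db.GetTable<Product>()
                     .Where(p => p.Name.StartsWith(prefix))
                     .OrderBy(p => p.Name)
                     .Select(p => p.Name)   // only the names leave the data layer
                     .Take(20)
                     .ToArray();
        }
    }
}
```

The browser receives only the HTML built from the returned names; the connection string and the database's native protocol on port 1433 stay between the web server and the database server.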
