This chapter covers key data access security issues and solutions. Some relate to the use of SQL Server while others apply to any data store. Read this chapter to help you:
Choose between Microsoft® Windows® operating system authentication and SQL authentication when connecting to SQL Server™.
Store connection strings securely.
Decide whether to flow the original caller’s security context through to the database.
Take advantage of connection pooling.
Protect against SQL injection attacks.
Store credentials securely within a database.
The chapter also presents various trade-offs that relate to the use of roles, for example, roles in the database versus role logic applied in the middle tier. Finally, it presents a set of core recommendations for data access.