Friday, December 26, 2008

SQL Server Security

Here is the list of SQL Server security issue that you must know in your project, please read this basic point carefully and implement in your project for making a secure website.
a) SQL Injection security
  1. Input data must be in correct format.
  2. We must use stored procedure in our database, if we are not using stored procedure then we must safe parameter of SQL commands
  3. We must use four stored procedure for a table insert, update, delete and read.
b) Authentication
  1. The “sa” account or other privileged accounts that are members of the “sysadmin” or “db_owner” roles are not used for application logins.
  2. Strong password required for authentication.
  3. Connection string must be encrypted and must be stored in a secure location

c) Authorization
  1. We must use business logic layer or tire architecture in our application for security purpose.
  2. For multiple queries we must use commit and rollback transaction.
e) Configuration management
  1. Windows authentication is used to avoid credential management.
f) Sensitive Data
  1. Security of sensitive data in necessary that include password and other things.
g) Error Handling
  1. Proper error handing is necessary in the stored procedure.
For more security detail please knock MSDN.



0 Responses to "SQL Server Security"

Copyright 2009 All Rights Reserved Shakti Singh Dulawat