Asp.net 3.5 Security

Question

0.00/5 (No votes)

See more:

Hello to all
-------------------
I build web application in Asp.net 3.5 by using c# and use sql server 2008 database
now i will publish this web application with the database to server host by buy domain
are This Secure (note the information database very important)

I afraid any one such as hacker Know the connection string from the website by analyze it by any way such as save the website or any way give you the source the web site
I afraid any one such as hacker inter to the database by any way
I afraid any one such as hacker change database information

what must I do
--------------------
Please Help My

Posted 8-Feb-13 19:48pm

ahmed hussein khazal

Updated 8-Feb-13 19:53pm

v2

Add a Solution

Comments

Sergey Alexandrovich Kryukov 9-Feb-13 2:16am

With ASP.NET, you can totally isolate direct database access; there is nothing to worry about. I don't even understand what should need explanations; if you know how ASP.NET works...

However, this is not all about security, so I'm not answering. It's a pretty big topic. I only say the particular problems you are talking about do not even exist.

—SA

ahmed hussein khazal 9-Feb-13 2:32am

Thank You to your fast answer
I beginner in asp.net
and I need know
if I publish the web application can any one get code the code pages
example
if i do login password and its answer inside the code page asp can any one get it's answer

Sergey Alexandrovich Kryukov 9-Feb-13 2:34am

This is a different question though.
Will you accept my answer formally (green button)? — thanks.
—SA

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Sergey Alexandrovich Kryukov · Accepted Answer · 2013-02-08T20:25:00

Please see my comment to the question.

I cannot discuss all security aspects here, I only want to prove that the problem of direct database account does not exist. You can isolate the database in different configurations, but, just for the proof, let me illustrate it on the simplest example.

You database and the database server don't even have to be connected to Internet. Consider the following simple configuration: you have a host with database server, and a separate host with HTTP server, which has two network adapters: one is connected to internet, and another one to LAN, where you have a database server. Your ASP.NET applications can access the database, but nobody from the Internet site can. Problem solved.

But in practice, even this is not strictly required. You can serve on different IP addresses on the same host, you can protect database access with some firewall, including a separate "hardware" firewall, and so on…

—SA