Click here to Skip to main content
Rate this: bad
good
Please Sign up or sign in to vote.
See more: database security WinForm , +
Dear all,
 
I have puzzled myself over data communications from winforms to the SQL server database.
 
Here is the scenario:
 
I am developing a windows application which I will be publishing via ClickOnce technology.
Therefore, the client resides on user PC and the data will be communicated to a SQL server database on the internet somewhere.
 
I am concerned for the data security of the data transmitted from the user PC to the database.
 
Can anyone shed some light on how to secure the data.
 
FYI: I can implement a data layer which has the connection string to the SQL server. If required, I can also implement web services, etc etc.
I am open to all suggestions.
 
Thanks.
 
Regards,
Nayan
Posted 30-Apr-13 13:58pm
Comments
Sergey Alexandrovich Kryukov at 30-Apr-13 19:09pm
   
Not clear what are you concerns. This is not even a question.
—SA
Nayan Ambaliya at 30-Apr-13 19:21pm
   
My question is:
 
How should I secure the data communication from the client to the database (sitting on the internet MS SQL Server)
Should it be normal connection string in a dll or should it be a web service with https etc etc.
I hope this makes you understand my question.
 
Regards,
Nayan
ThePhantomUpvoter at 30-Apr-13 21:34pm
   
Well does not help me at all. What, exactly, is the concern? What is the specific problem that you are trying to solve? How do you think that a connection string in a DLL somehow secures your data? What benefit do you think a web service provides to you? What do you think is wrong with the SQL Server security?
Nayan Ambaliya at 30-Apr-13 21:45pm
   
Ok, I think I am confusing you... Let's see this another way:
 
Scenario:
 
The client application is on the user PC and the SQL server database sits on a server on the internet somewhere. The data is saved, updated and deleted from the client application to the SQL server database.
 
My concern:
 
Whenever the user either saves, updates or deletes the data, the data sent to the SQL server database will be in plain text format. I need to secure this data during transit.
 
Can anyone provide me with different options...
 
Thanks.
 
Regards,
Nayan
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 1

I suggest that you look into WCF and Web Services.
  Permalink  
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 2

WCF might be a good option for you. You can take advantage of the attributes that WS-Security provides – it describes how to handle security issues within the SOAP messages. WS-Security assigns the signature and encryption information as well as the security tokens to the SOAP messages. Besides offering the traditional HTTP/HTTPS authentications, it also incorporates extra security features in the header of the SOAP message, working in the application layer.
 
For more information on WS-Security, you can visit this MSDN site: http://msdn.microsoft.com/en-us/library/ms977327.aspx
 
Good luck!
  Permalink  
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 3

Thanks everyone for the solutions...
This has certainly opened up my direction..
Thanks again..
 
Cheers,
Nayan
  Permalink  

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
0 OriginalGriff 515
1 Maciej Los 349
2 Richard MacCutchan 220
3 BillWoodruff 209
4 Mathew Soji 160
0 OriginalGriff 8,654
1 Sergey Alexandrovich Kryukov 7,407
2 DamithSL 5,639
3 Maciej Los 5,229
4 Manas Bhardwaj 4,986


Advertise | Privacy | Mobile
Web02 | 2.8.1411023.1 | Last Updated 30 Apr 2013
Copyright © CodeProject, 1999-2014
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100