Click here to Skip to main content
13,257,667 members (77,709 online)
Rate this:
Please Sign up or sign in to vote.
Dear all,

I have puzzled myself over data communications from winforms to the SQL server database.

Here is the scenario:

I am developing a windows application which I will be publishing via ClickOnce technology.
Therefore, the client resides on user PC and the data will be communicated to a SQL server database on the internet somewhere.

I am concerned for the data security of the data transmitted from the user PC to the database.

Can anyone shed some light on how to secure the data.

FYI: I can implement a data layer which has the connection string to the SQL server. If required, I can also implement web services, etc etc.
I am open to all suggestions.


Posted 30-Apr-13 13:58pm
Sergey Alexandrovich Kryukov 30-Apr-13 19:09pm
Not clear what are you concerns. This is not even a question.
Nayan Ambaliya 30-Apr-13 19:21pm
My question is:

How should I secure the data communication from the client to the database (sitting on the internet MS SQL Server)
Should it be normal connection string in a dll or should it be a web service with https etc etc.
I hope this makes you understand my question.

ThePhantomUpvoter 30-Apr-13 21:34pm
Well does not help me at all. What, exactly, is the concern? What is the specific problem that you are trying to solve? How do you think that a connection string in a DLL somehow secures your data? What benefit do you think a web service provides to you? What do you think is wrong with the SQL Server security?
Nayan Ambaliya 30-Apr-13 21:45pm
Ok, I think I am confusing you... Let's see this another way:


The client application is on the user PC and the SQL server database sits on a server on the internet somewhere. The data is saved, updated and deleted from the client application to the SQL server database.

My concern:

Whenever the user either saves, updates or deletes the data, the data sent to the SQL server database will be in plain text format. I need to secure this data during transit.

Can anyone provide me with different options...


Rate this: bad
Please Sign up or sign in to vote.

Solution 1

I suggest that you look into WCF and Web Services.
Rate this: bad
Please Sign up or sign in to vote.

Solution 2

WCF might be a good option for you. You can take advantage of the attributes that WS-Security provides – it describes how to handle security issues within the SOAP messages. WS-Security assigns the signature and encryption information as well as the security tokens to the SOAP messages. Besides offering the traditional HTTP/HTTPS authentications, it also incorporates extra security features in the header of the SOAP message, working in the application layer.

For more information on WS-Security, you can visit this MSDN site:

Good luck!
Rate this: bad
Please Sign up or sign in to vote.

Solution 3

Thanks everyone for the solutions...
This has certainly opened up my direction..
Thanks again..


This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month

Advertise | Privacy |
Web04 | 2.8.171114.1 | Last Updated 30 Apr 2013
Copyright © CodeProject, 1999-2017
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100