Checklist: Securing Data Access

Retired Content

This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

patterns & practices Developer Center

Improving Web Application Security: Threats and Countermeasures

J.D. Meier, Alex Mackman, Michael Dunner, Srinath Vasireddy, Ray Escamilla and Anandha Murukan

Microsoft Corporation

Published: June 2003

Applies to:

  • ADO.NET 1.1

See the "patterns & practices Security Guidance for Applications Index" for links to additional security resources.

See the Landing Page for the starting point and a complete overview of Improving Web Application Security: Threats and Countermeasures.

Contents

How to Use This Checklist SQL Injection Checks Authentication Authorization Configuration Management Sensitive Data Exception Management Deployment Considerations

How to Use This Checklist

This checklist is a companion to Chapter 14, "Building Secure Data Access" and Chapter 16, "Securing Your Database Server." Use it to help you build secure data access, or as a quick evaluation snapshot of the corresponding chapters.

This checklist should evolve with secure data access practices that you discover during software development.

SQL Injection Checks

Check Description
Ff648227.z02bthcm01(en-us,PandP.10).gif Input passed to data access methods that originates outside the current trust boundary is constrained.

Sanitization of input is only used as a defense in depth measure.

Ff648227.z02bthcm01(en-us,PandP.10).gif Stored procedures that accept parameters are used by data access code. If stored procedures are not used, type safe SQL parameters are used to construct SQL commands.
Ff648227.z02bthcm01(en-us,PandP.10).gif Least-privileged accounts are used to connect to the database.

Authentication

Check Description
Ff648227.z02bthcm01(en-us,PandP.10).gif Windows authentication is used to connect to the database.
Ff648227.z02bthcm01(en-us,PandP.10).gif Strong passwords are used and enforced.
Ff648227.z02bthcm01(en-us,PandP.10).gif If SQL Server authentication is used, the credentials are secured over the network by using IPSec or SSL, or by installing a database server certificate.
Ff648227.z02bthcm01(en-us,PandP.10).gif If SQL Server authentication is used, connection strings are encrypted by using DPAPI and are stored in a secure location.
Ff648227.z02bthcm01(en-us,PandP.10).gif Application connects using a least-privileged account. The sa account or other privileged accounts that are members of the sysadmin or db_owner roles are not used for application logins.

Authorization

Check Description
Ff648227.z02bthcm01(en-us,PandP.10).gif Calling users are restricted using declarative or imperative principal permission checks (normally performed by business logic).
Ff648227.z02bthcm01(en-us,PandP.10).gif Calling code is restricted using identity permission demands in scenarios where you know and want to limit the calling code.
Ff648227.z02bthcm01(en-us,PandP.10).gif Application login is restricted in the database and can only execute selected stored procedures. Application's login has no direct table access.

Configuration Management

Check Description
Ff648227.z02bthcm01(en-us,PandP.10).gif Windows authentication is used to avoid credential management.
Ff648227.z02bthcm01(en-us,PandP.10).gif Connection strings are encrypted and encrypted data is stored securely, for example, in a restricted registry key.
Ff648227.z02bthcm01(en-us,PandP.10).gif OLE DB connection strings do not contain Persist Security Info="true" or "yes".
Ff648227.z02bthcm01(en-us,PandP.10).gif UDL files are secured with restricted ACLs.

Sensitive Data

Check Description
Ff648227.z02bthcm01(en-us,PandP.10).gif Sensitive data is encrypted in the database using strong symmetric encryption (for example, 3DES).
Ff648227.z02bthcm01(en-us,PandP.10).gif Symmetric encryption keys are backed up and encrypted with DPAPI and stored in a restricted registry key.
Ff648227.z02bthcm01(en-us,PandP.10).gif Sensitive data is secured over the network by using SSL or IPSec.
Ff648227.z02bthcm01(en-us,PandP.10).gif Passwords are not stored in custom user store databases. Password hashes are stored with salt values instead.

Exception Management

Check Description
Ff648227.z02bthcm01(en-us,PandP.10).gif ADO.NET exceptions are trapped and logged.
Ff648227.z02bthcm01(en-us,PandP.10).gif Database connections and other limited resources are released in case of exception or completion of operation.
Ff648227.z02bthcm01(en-us,PandP.10).gif ASP.NET is configured with a generic error page using the <customErrors> element.

Deployment Considerations

Check Description
Ff648227.z02bthcm01(en-us,PandP.10).gif Firewall restrictions ensure that only the SQL Server listening port is available on the database server.
Ff648227.z02bthcm01(en-us,PandP.10).gif A method for maintaining encrypted database connection strings is defined.
Ff648227.z02bthcm01(en-us,PandP.10).gif The application is configured to use a least-privileged database login.
Ff648227.z02bthcm01(en-us,PandP.10).gif SQL server auditing is configured. Failed login attempts are logged at minimum.
Ff648227.z02bthcm01(en-us,PandP.10).gif Data privacy and integrity over the network is provided with IPSec or SSL.

patterns & practices Developer Center

Retired Content

This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

© Microsoft Corporation. All rights reserved.