Security for Microsoft Visual Basic .NET
|
The core database security concepts are exactly the same as the concepts for securing an application, securing Microsoft Windows, and securing most things: authenticate, authorize, and lock down. These concepts can be summarized as follows:
-
Authenticate Make sure only valid users and trusted systems can access the database. Capture the identity of every person or system that uses the database.
-
Authorize Ensure that each user or system can only create, read, update, or delete the information they are permitted to access.
-
Lock down Close back doors, apply security patches, and disable other means of accessing the database so that the only users who have been authenticated and authorized can use the database.
Implementing each of these concepts has its challenges. How do you authenticate users when they’re using the system anonymously through a Web browser? How do you limit access to a table so that users can see only particular rows? What things should you do to lock down a Microsoft SQL Server or Microsoft Access database?
|