Securing Your Code in the .NET Framework

The .NET Framework provides security features in the classes of the System.Security namespace. In addition, as programmers we should always be familiar with ways to protect our code from attackers. The secure coding principles below are basic practices that help keep our code safe.

1. Use Parameters to Pass Data

Passing data to the SQL statements in your data access layer as parameters is the primary guard against SQL injection: the value is sent to the database as typed data, separate from the SQL text, so it can never change the meaning of the statement, and the parameter's declared type and length act as a validation check. It also helps query performance, because the database can reuse the cached execution plan for the same statement text instead of compiling a new plan for every distinct value.

For example, building the statement by concatenating the input, as in "SELECT * FROM useraccounts WHERE user='" + user + "'", means that a single apostrophe in the input ends the string literal and lets the rest of the input run as SQL. Trying to block apostrophes in the input field is not a reliable fix. Use a parameter instead: "WHERE user=@user".
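The following is an added example (not code from the original article) showing the concatenated query beside its parameterized form with System.Data.SqlClient. The table and column names come from the article's query; the connection string, the column length of 50 and the injection payload are assumptions for illustration, and the column name is bracketed as [user] because USER is a reserved word in Transact-SQL.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Added example, not from the original article. Assumes a table "useraccounts"
// with a column "user" in the database named by connectionString.
public static class UserLookup
{
    // VULNERABLE: the caller's string is spliced into the SQL text, so an
    // apostrophe in the input ends the literal and the rest becomes SQL.
    public static string BuildUnsafeSql(string user)
    {
        return "SELECT * FROM useraccounts WHERE [user]='" + user + "'";
    }

    // SAFE: the value travels as a typed parameter, never as SQL text, so an
    // apostrophe (or anything else) in the input is only data.
    public static DataTable FindUser(string connectionString, string user)
    {
        const string sql = "SELECT * FROM useraccounts WHERE [user]=@user";
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // Explicit type and length (assumed NVARCHAR(50)): the driver checks
            // the value against this instead of inferring a type from the string.
            cmd.Parameters.Add("@user", SqlDbType.NVarChar, 50).Value = user;
            conn.Open();
            var table = new DataTable();
            using (var reader = cmd.ExecuteReader())
            {
                table.Load(reader);
            }
            return table;
        }
    }

    public static void Main()
    {
        // Constructed injection payload: a quote that closes the literal and
        // appends an always-true condition.
        string payload = "x' OR '1'='1";
        Console.WriteLine(BuildUnsafeSql(payload));
        // FindUser(connectionString, payload) would compare the column against the
        // whole payload string literally and match no row unless one is really
        // named that way; uncomment with a real connection string to try it.
        // Console.WriteLine(FindUser("Server=.;Database=app;Integrated Security=true", payload).Rows.Count);
    }
}
```

With the payload above, BuildUnsafeSql produces SELECT * FROM useraccounts WHERE [user]='x' OR '1'='1', which returns every row of the table; the parameterized version sends the same string as the value of @user and the statement text never changes. Adding the parameter with an explicit SqlDbType and size also prevents the driver from picking a different inferred type per call, which is what lets the server reuse one cached plan.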

2. Protect your Libraries

The database should never be reachable directly from a browser. A data access library is a direct route into your resources and can therefore expose all of your information if anything is allowed to call it. Keep such libraries behind your API, and have the API demand the appropriate permissions before it calls into them.
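As an added example (not code from the original article) of keeping a library behind an API that demands permissions, the block below makes the data access class internal to its assembly and exposes it only through a service method decorated with PrincipalPermission, which is the .NET Framework's declarative role demand. The role name "Support", the identity "alice" and the placeholder repository body are assumptions; PrincipalPermission is honoured by the .NET Framework CLR but not by .NET Core and later.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

// Added example, not from the original article.
// The repository is the "library" with direct database access. It is internal,
// so nothing outside this assembly can reach it; only UserService can.
internal static class UserRepository
{
    // Placeholder for the real data access code (a parameterized SqlCommand);
    // the fixed return value lets the example run without a database.
    internal static string LoadAccount(string user)
    {
        return "account record for " + user;
    }
}

// The API surface. The demand runs before the method body, so a caller whose
// principal lacks the role never reaches the library at all.
public static class UserService
{
    [PrincipalPermission(SecurityAction.Demand, Role = "Support")]
    public static string GetAccount(string user)
    {
        if (string.IsNullOrWhiteSpace(user))
            throw new ArgumentException("user must be supplied", "user");
        return UserRepository.LoadAccount(user);
    }
}

public static class Demo
{
    // Sets the calling thread's principal to the given roles and reports
    // whether the demand let the call through (true) or rejected it (false).
    public static bool TryGetAccount(string[] roles, string user)
    {
        Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("alice"), roles);
        try
        {
            UserService.GetAccount(user);
            return true;
        }
        catch (SecurityException)
        {
            return false;
        }
    }

    public static void Main()
    {
        Console.WriteLine(TryGetAccount(new[] { "Support" }, "bob"));
        Console.WriteLine(TryGetAccount(new[] { "Guest" }, "bob"));
    }
}
```

The first call succeeds because the principal is in the "Support" role; the second is refused with a SecurityException before GetAccount executes. In a web application the principal comes from the authenticated request rather than being set on the thread by hand, but the placement of the check is the point: the demand sits on the API method, so the only path to the repository already carries the permission check.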