安全的数据库连接。 DAL .net 架构最佳实践
我们有多个应用程序安装在多个部门中,通过内联网与数据库进行交互。用户倾向于使用弱密码或将登录名/密码存储在一张纸上,让每个人都可以看到。我担心登录名/密码泄露&想要尽量减少后果。通过隐藏数据库服务器以防止 Intranet 访问来最小化数据库服务器的攻击面也是一个好主意。
我正在考虑基于中间数据访问服务方法的安全性。它似乎比基于表或基于连接的数据库服务器更灵活。这种方法还允许对公共 Intranet 隐藏数据库服务器。
您会建议哪种 .net 技术和最佳实践?
预先感谢您!
We have several applications that are installed in several departments that interact with database via Intranet. Users tend to use weak passwords or store login/password written on a sheets of paper where everybody can see them. I'm worried about login/password leakage & want to minimize consequences. Minimizing database-server attack surface by hiding database-server from Intranet access would be a great idea also.
I'm thinking about intermediary data access service method-based security. It seems more flexible than table-based or connection-based database-server one. This approach also allows to hide database-server from public Intranet.
What kind of .net technologies and best practices would you suggest?
Thank in you in advance!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
根据用户对数据库的访问类型,您可能会面临一场重大的艰苦战斗。在开始对中介层提供额外的安全性之前,首先要深入了解您允许用户使用其凭据执行的操作:
如果您觉得自己有一个可靠的设计,那么您可以开始考虑将数据库包装在代理/外观中以进行访问。请注意,这在性能、部署和安全性方面可能代价高昂,而且并不是一件容易做到的事情。关于此模式的一些建议:
Depending on the type of access your users have to the database, you might be looking at a significant uphill battle. Before you start layering additional security on the intermediaries, start by taking a long in-depth look at what you are allowing your users to do with their credentials:
If you feel you have a solid design there, then you can start looking at wrapping your DB inside of a broker/facade for access. Beware that this can be costly in terms of performance, deployment, and security and is not an easy thing to do. A few suggestions on patterns for this:
我认为没有必要通过将数据库移动到外部网络来保护数据库。相反,您可以通过限制帐户本身的权限来解决这些做法。数据访问不应是特定于用户的,而应利用具有在 Web 或应用程序配置文件中配置的加密连接字符串的系统帐户。
用户身份验证和授权应与数据库访问分开处理。
系统数据库帐户本身应该仅具有执行操作系统所需任务的权限。这意味着仅授予对应用程序执行的过程的访问权限,并可能授予对通过 LINQ to SQL 读取的任何表或视图的读取访问权限。
I do not believe it is necessary to secure the database by moving it to an outside network. Rather, you can solve these practices by limiting the privileges of the accounts themselves. The data access should not be user specific, and instead leverage a system account with an encrypted connection string configured in the web or app config file.
User authentication and authorization should be handled separately from DB access.
The system DB account itself should ONLY have privileges to perform the tasks necessary to operate the system. This means only granting access to the procedures that the application executes, and possibly read access to any tables or views read through LINQ to SQL.