.NET Tutorials, Forums, Interview Questions And Answers

Security tips reqd for website database

Posted Date: April 10, 2011    Points: 0
I need to provide access to a SQL Server 2008 database to a website for a client. I haven't done this before and I'm looking for tips on security.

The website will be hosted on a server either in a DMZ or external to the network. Access to the SQL server will be through a Cisco router.
The network is a workgroup, not a domain. The website needs write access to one database.

The client wants enough flexibility that I can't restrict them to using stored procedures. It'll be their responsibility to ensure they don't wreck their database.

I'll give them datawriter permissions on that database, and enforce a strict password policy.

What other things should I do to safeguard the SQL server from the evils of the internet?

More Related Resource Links

Publishing SQL Server Database using Publishing Wizard : Tips & Tricks

We can use the SQL Server Publishing Wizard to deploy our local database to a remote hosting or production server. This feature is available in SQL Server 2008/VWD 2008.

Below is the complete step-by-step guide to this process.

Performance tuning tips for database developers

Performance tuning is not easy and there aren't any silver bullets, but you can go a surprisingly long way with a few basic guidelines.

In theory, performance tuning is done by a DBA. But in practice, the DBA is not going to have time to scrutinize every change made to a stored procedure. Learning to do basic tuning might save you from reworking code late in the game.

Below is my list of the top 15 things I believe developers should do as a matter of course to tune performance when coding. These are the low-hanging fruit of SQL Server performance - they are easy to do and often have a substantial impact. Doing these won't guarantee lightning fast performance, but it won't be slow either.

Asp.net web site security database


Hello all, I'm new to ASP.NET and I'm currently practising a few things. I'm creating a hotel reservation system using an ASP.NET Web site in Visual Studio 2008, and I currently don't have an App_Data in my Solution Explorer, unlike Visual Web Developer.

1. I have planned to make users of the website login before making their reservations.

2. I have also planned to develop the website such that I will be able to know all reservations made by each user.

First and foremost, I would like to know how I can access/view the security database.

Secondly, how do I link my custom-made reservation database and the security database in order to achieve my second plan above?

Someone help me.

Thank you.

Security Briefs: Using Protocol Transition-Tips from the Trenches


Now that Windows Server 2003 is widely deployed, Keith Brown addresses questions from readers who are trying to use protocol transition to build secure gateways into their intranets.

Keith Brown

MSDN Magazine January 2007

Review It: Expert Tips for Finding Security Defects in Your Code


Reviewing code for security defects is a key ingredient in the software creation process, ranking alongside planning, design, and testing. Here the author reflects over his years of code security reviews to identify patterns and best practices that all developers can follow when tracking down potential security loopholes. The process begins by examining the environment the code runs in, considering the roles of the users who will run it, and studying the history of any security issues the code may have had. After gaining an understanding of these background issues, specific vulnerabilities can be hunted down, including SQL injection attacks, cross-site scripting, and buffer overruns. In addition, certain red flags, such as variable names like "password", "secret," and other obvious but common security blunders, can be searched for and remedied.

Michael Howard

MSDN Magazine November 2003

Security Tips: Defend Your Code with Top Ten Security Tips Every Developer Must Know


There are many ways to get into trouble when it comes to security. You can trust all code that runs on your network, give any user access to important files, and never bother to check that code on your machine has not changed. You can run without virus protection software, not build security into your own code, and give too many privileges to too many accounts. You can even use a number of built-in functions carelessly enough to allow break-ins, and you can leave server ports open and unmonitored. Obviously, the list continues to grow. What are some of the really important issues, the biggest mistakes you should watch out for right now so that you don't compromise your data or your system? Security experts Michael Howard and Keith Brown present 10 tips to keep you out of hot water.

Michael Howard and Keith Brown

MSDN Magazine September 2002

unable to attach database, security setting?


Hi folks,

I am using VS 2010 Professional with SQL Server 2008 Developer.  I right click on the App_Data folder in solution explorer and add an existing item, then navigate to the correct database.  However, I receive a pop up that Access is Denied.  How do I fix this? 

Login database with visual studio 2010 asp website template


Has anyone deployed a website using the login database in the Visual Studio 2010 ASP website template? I was wondering if I could look at someone's example to see how they integrated this into their website.

Post Website and database online


I know this is a simple thing but I don't know how to...

I have the website working on my PC... but I want to get it online with the database.

Do I have to put debug to false to publish it?

Thanks in advance for your patience.

Tips on using the SQL Server Security forum

I am collecting here a few tips on using this forum. The tips are actually pretty general, they're not really specific to SQL Server or to this particular SQL Server Security forum.

1. Verify that you are posting to the right forum. Check the list from http://forums.microsoft.com/MSDN/default.aspx?SiteID=1 to see whether there is a more appropriate forum for your discussion topic. By posting to the appropriate forum, you will be able to get an answer to your questions faster.

2. Try to avoid crossposting or posting the same issue several times. Do a search to see if your question was already answered. If you receive an answer on another forum, please update or remove your other posts on the same subject.

3. Please mark the posts that answer your questions using the "Mark as Answer" button. This will allow other readers to quickly identify the useful information in a thread. There can be more posts marked as answers in a single thread!

4. If you have posted on this forum but cannot find the post in it anymore, then it might have been moved to another forum. Check using the "My Threads" link: http://forums.microsoft.com/MSDN/User/MyForums.aspx?SiteID=1; it will show all the posts you've made and it will allow you to track a post that was moved to another forum. Also, consider enabling email notifications when a response is made to the threads you initiate.

5

Security problem with cross database chaining and stored procedures

I have a situation whereby ProcA exists on database A, but ProcA executes about 20 stored procedures scattered across different databases. To further complicate matters, some procs that ProcA calls also call other procs in other databases. This then presents the problem of cross database chaining, where you can’t really write to a database from a proc that resides in another database. I am wondering how I can get around this problem. I know I can simply let open cross database chaining and the problem will go away; the other option is to create a proxy, which is very complicated and wouldn’t work in my environment. Is there any way around the problem?

How to send an email to a website and enter it into the database

Is there a way to send an email to a certain email address and have the message inserted into a database? The subject would be entered into the "Subject" table field and the message body would be inserted into the "Message" table field. Thanks.

Security In Website

Hi guys, this is my first time; I am going to put my software application online. It directly starts with logging in and does some financial processing. From the security point of view, what all is required to be taken into consideration?

1) How can I encrypt all the information sent to the server from the client?

2) How can I make sure everything is secured, and what points should I take care of?

Thank you all

Can I have an SQL Express database open in VS2010E along with the website? "Login failed for user ..

Hi, as the topic says... Whenever I have my database open in Visual Studio 2010 Express, I get this error:

Cannot open user default database. Login failed.
Login failed for user 'IIS APPPOOL\DefaultAppPool'.
Cannot open user default database. Login failed.
Login failed for user 'IIS APPPOOL\DefaultAppPool'.

Ajax enabled website and MSAccess Database

Hi, I have a problem while connecting to my MSAccess database in the App_Data folder in an Ajax enabled website. How do I bind a GridView with an MSAccess database in an Ajax enabled website? Can you please help me? I am new to Ajax and ASP.NET. Thanks in advance.

question about multi user website and security



I am developing a multi-user website using Dynamic Data and wondered if someone could answer the following or provide advice:

What is the best way of protecting data so someone (who has a login to the site) cannot see records intended ONLY to be viewable by another valid user?

As far as I can see, a user can simply tamper with querystring or URL values (if using routing) and bring up the details of records they should not.

Any help would be gratefully appreciated. I am drawing a blank so far, and the easiest option may be to go back to a traditional ASP.NET site where I can control things simply by use of a Session variable (UserID).



how to download Database in sql from Website Control panel ?


Dear Professionals.....

My control panel doesn't have any option to download the database, so I want to download the database from the control panel. Is there any way to download it? Any software?

I'm a new user, so an explained answer will be appreciated.


