问题
I have never developed an application outside my companies system where we just rely on windows authentication from our domain, but I want to learn how to develop a secure application that I can connect to a remote database.
I know it is easier if I use ASP .Net because the data connections will be on server side, but I want to have a WPF application as well for administrative tasks.
Here is what i can think of for securely connecting to a database:
First have a SSL connection to the database always, have a default user/pass that is clear text in the config file of the program where it's only access is to a login procedure on the database where the user puts in there database credentials and the default user/pass will be connected to the db and pass the credentials that the user presented.
The procedure will then pass back a pair of credentials user/pass that the application will use for the remainder of the user logged in session. Is this a good way of approaching the issue? and also should I consider using a web service of WCF as the interface instead of direct connection?
回答1:
Why that complex? Just let the user enter the database user name and password and then try to connect to the server using a SSL conection. The server already has a full featured user management system, so there is no need to create a new one if you only need access for a few people.
来源:https://stackoverflow.com/questions/793932/securely-connecting-to-database-within-a-application