The Ins and Outs of Secure Data Access – Jørgen Thyme, Developer & Platform Strategy Group, Microsoft
Posted 19-Dec-2015 (Documents)
Transcript:
The Ins and Outs of Secure Data Access
Jørgen Thyme
Developer & Platform Strategy Group, Microsoft
[email protected]
www.rolighed.net/weblog
Today's Agenda
Best practices for building well-designed, secure, data-driven, smart client applications
Session 1: Designing and building smart clients
  Patterns and practices for smart clients, IssueVision
Session 2: Securing smart client applications
  Tips for secure data, CAS, encryption, and more
Session 3: The ins and outs of secure data access
  Best practices for smart client data, offline data
Session 4: Deploying and maintaining smart clients
  Tips for deploying and updating apps to avoid “DLL Hell”
Session Agenda
A look at data in IssueVision
Drill-Down: Design choices for secure data
Summary: Best practices for secure data
Drill Down: Design Choices for Secure Data
Stored procedures
Database credentials
DataSet vs. custom objects
Concurrency
Input validation
Retrieve data via Web services
Offline Data
Stored Procedures
Many benefits to stored procedures
  Higher performance for complex queries
  More secure
  Can reduce network traffic
  Batch SQL commands, encapsulate transactions
  Easier to maintain than prepared queries
  Encapsulates DB design
Security Tips:
  Parameterize queries and stored procedures
    Helps avoid SQL injection attacks
  Grant access only to stored procedures, not the data tables
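The two security tips above in T-SQL, as an added example that is not code from the deck or from IssueVision: a parameterized procedure, and a database role that may execute it but has no permission on the table itself. The table, procedure, role and user names are constructed, and SQL Server 2005-or-later syntax is assumed.

```sql
-- Constructed table; IssueVision's real schema is not on the slides.
CREATE TABLE dbo.Issues (
    IssueID    INT IDENTITY(1,1) PRIMARY KEY,
    Title      NVARCHAR(200) NOT NULL,
    Status     NVARCHAR(20)  NOT NULL,
    AssignedTo NVARCHAR(50)  NULL
);
GO

-- Parameterized procedure: @Status is bound as data, never spliced
-- into the statement text, so an input such as  ' OR 1=1 --  is
-- compared as a literal string and matches nothing.
CREATE PROCEDURE dbo.Issues_GetByStatus
    @Status NVARCHAR(20)
AS
BEGIN
    SET NOCOUNT ON;
    SELECT IssueID, Title, Status, AssignedTo
    FROM dbo.Issues
    WHERE Status = @Status;
END
GO

-- Caveat: concatenating the parameter into dynamic SQL inside the
-- procedure re-creates the hole the procedure was meant to close,
-- e.g.  EXEC (N'... WHERE Status = ''' + @Status + N'''');
-- Where dynamic SQL is unavoidable, keep the value a parameter:
--   EXEC sp_executesql N'SELECT ... WHERE Status = @s',
--                      N'@s NVARCHAR(20)', @s = @Status;

-- The application's database user goes into a role that may only
-- EXECUTE procedures. No SELECT/INSERT/UPDATE/DELETE on dbo.Issues
-- is granted; the procedure still reaches the table through
-- ownership chaining, because dbo owns both procedure and table.
CREATE ROLE IssueVisionApp;
GRANT EXECUTE ON dbo.Issues_GetByStatus TO IssueVisionApp;
CREATE USER ivapp WITHOUT LOGIN;            -- hypothetical app user
EXEC sp_addrolemember 'IssueVisionApp', 'ivapp';
GO

-- Check from the application's context: direct table access is
-- refused, the procedure works.
EXECUTE AS USER = 'ivapp';
SELECT COUNT(*) FROM dbo.Issues;               -- fails: SELECT permission denied
EXEC dbo.Issues_GetByStatus @Status = N'Open'; -- succeeds
REVERT;
```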
Application or User Credentials
Application-level credentials
  + Better performance
    Takes advantage of ADO.NET connection pooling
  + Easier to implement
  – No per-user permissions or auditing in database
Per-user credentials
  + Fine-grained audit and permissions in database
  – Can’t use connection pooling
  – Impersonation must be relayed through each application tier
DataSet vs. Custom Object
Custom data objects
  Developer has full control over implementation
  Can be more lightweight than DataSet
  Ideal for single-instance, non-tabular data

<Serializable()> Public Class UserSettings
    Private m_username As String
    Private m_password As String

    Public Property Username() As String
        Get
            Return m_username
        End Get
        Set(ByVal Value As String)
            m_username = Value
        End Set
    End Property
    ...
DataSets and ADO.NET
ADO.NET: Separates data access from working with data
DataSet / DataTable
  • Relational (tabular) model
  • Highest performance
  • Fully exposes database functionality
  • Can pass between tiers
SQLXML in ADO.NET
  • Interop format for the Web – B2B, A2A
  • Sparse (semi-structured) data
  • XML Services e.g. XQuery, XSD
ObjectSpaces
  • Coming in Whidbey timeframe!
  • Business objects with relational mapping
Drill Down: Design Choices for Secure Data (Concurrency)
Managing Concurrency
Concurrency is the policy by which updates from multiple users to the same data are managed
Optimistic concurrency
  Looks for changes to original data before updating
  Best choice for most Smart Client applications
“Last In Wins”
  Last update overwrites all previous updates
  Scales well, but provides no assurance of data integrity
Pessimistic concurrency
  Locks the record for a single user
  Highest assurance of data integrity
  Scales poorly, negatively impacts performance
Tools for Optimistic Concurrency
Data Adapter Configuration Wizard
  Saves a lot of coding effort when using DataSet
  Generates DAL component and optimistically concurrent CRUD stored procedures
  Optionally, a typed dataset for the selected tables
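An added example, not the wizard's actual output and not IssueVision code, of the two update policies from the previous slide on a constructed dbo.Issues table: a "Last In Wins" procedure that matches on the key only, beside an optimistic-concurrency procedure in the shape the wizard generates, where the caller sends the original values it read and a zero row count signals a conflict.

```sql
-- Constructed table; not IssueVision's real schema.
CREATE TABLE dbo.Issues (
    IssueID INT PRIMARY KEY,
    Title   NVARCHAR(200) NOT NULL,
    Status  NVARCHAR(20)  NOT NULL
);
GO

-- "Last In Wins": matching on the key alone, so the last save
-- silently overwrites every earlier edit to the row.
CREATE PROCEDURE dbo.Issues_Update_LastInWins
    @IssueID INT, @Title NVARCHAR(200), @Status NVARCHAR(20)
AS
    UPDATE dbo.Issues SET Title = @Title, Status = @Status
    WHERE IssueID = @IssueID;
GO

-- Optimistic concurrency: the client supplies the new values AND the
-- original values it read; the row is updated only if it still holds
-- those originals. (For nullable columns the wizard's test is
-- (Col = @Original_Col OR (@Original_Col IS NULL AND Col IS NULL)).)
CREATE PROCEDURE dbo.Issues_Update
    @IssueID INT, @Title NVARCHAR(200), @Status NVARCHAR(20),
    @Original_Title NVARCHAR(200), @Original_Status NVARCHAR(20)
AS
BEGIN
    UPDATE dbo.Issues
    SET Title = @Title, Status = @Status
    WHERE IssueID = @IssueID
      AND Title   = @Original_Title
      AND Status  = @Original_Status;
    -- Zero rows means another user changed or deleted the row since it
    -- was read. DataAdapter.Update raises DBConcurrencyException for a
    -- zero-row command; the error makes the conflict explicit for any
    -- other caller as well.
    IF @@ROWCOUNT = 0
        RAISERROR ('Issue %d was changed by another user.', 16, 1, @IssueID);
END
GO

-- Two users both read issue 1 as ('Login fails', 'Open').
INSERT INTO dbo.Issues VALUES (1, N'Login fails', N'Open');
-- User A closes it first: 1 row affected.
EXEC dbo.Issues_Update 1, N'Login fails', N'Closed', N'Login fails', N'Open';
-- User B retitles a stale copy: 0 rows match (Status is now 'Closed'),
-- so the error fires and B must reload and resolve the conflict.
EXEC dbo.Issues_Update 1, N'Login fails (IE only)', N'Open', N'Login fails', N'Open';
```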
Reconciling Offline Changes
DataAdapter.Update() methods
  HasChanges(), GetChanges(), DiffGram
  Supports ADO.NET transactions
  Best for: Single database applications, Web services data
SQL Merge Replication
  Replicate local MSDE data to a central server
  Uses resolver logic to handle conflicts
  Best for: Reconciling large numbers of conflicts; Batch updates of “branch office” data
Tip: Offline application block
  Provide loose coupling between components.
  Abstract the management of connection state from the application.
  Provide the same programming model for the application in both online and offline
  Provide extensible interfaces for capabilities such as connection detection, and queuing.
  Incorporate design patterns.
Optimistic Concurrency & Handling Conflicts
  Part 1 – Concurrency Wizard / Connect to data
  Part 2 – Updating data
  Part 3 – Detecting and Resolving Conflicts
Drill Down: Design Choices for Secure Data (Input validation)
Ensuring Valid User Input
Client validation
  Handle OnRowChanging, OnColumnChanging
  Encapsulates validation with the data
  Good for cross-field validation within one row of data
Server validation
  Always re-validate client input on the server
  Tip: validate input in business logic tier
  Alternative: SQL triggers and SQL-DDL
    Reduces DB traffic, but requires special skills
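An added example, not from the deck, of the "SQL triggers and SQL-DDL" alternative for the server side of validation on a constructed dbo.Issues table: CHECK constraints for single-column rules and a trigger for a cross-field rule, both enforced no matter which client sent the row or whether it ran its own OnColumnChanging checks.

```sql
-- Constructed table; not IssueVision's real schema.
CREATE TABLE dbo.Issues (
    IssueID    INT IDENTITY(1,1) PRIMARY KEY,
    Title      NVARCHAR(200) NOT NULL,
    Status     NVARCHAR(20)  NOT NULL,
    ClosedDate DATETIME      NULL,
    -- DDL validation: single-column rules the client cannot bypass.
    CONSTRAINT CK_Issues_Status
        CHECK (Status IN (N'Open', N'Assigned', N'Closed')),
    CONSTRAINT CK_Issues_Title
        CHECK (LEN(LTRIM(Title)) > 0)
);
GO

-- Trigger validation: a cross-field rule (a closed issue needs a
-- ClosedDate, any other status must not have one). Written over the
-- whole inserted set, since one statement can touch many rows.
CREATE TRIGGER dbo.TR_Issues_ClosedDate
ON dbo.Issues
AFTER INSERT, UPDATE
AS
BEGIN
    IF EXISTS (SELECT 1 FROM inserted
               WHERE (Status = N'Closed' AND ClosedDate IS NULL)
                  OR (Status <> N'Closed' AND ClosedDate IS NOT NULL))
    BEGIN
        RAISERROR ('ClosedDate must be set exactly when Status is Closed.', 16, 1);
        ROLLBACK TRANSACTION;
    END
END
GO

-- Accepted.
INSERT INTO dbo.Issues (Title, Status, ClosedDate)
VALUES (N'Login fails', N'Open', NULL);
-- Rejected by CK_Issues_Status, even if the client skipped its own checks.
INSERT INTO dbo.Issues (Title, Status, ClosedDate)
VALUES (N'Login fails', N'Done', NULL);
-- Rejected by the trigger: Closed without a ClosedDate.
UPDATE dbo.Issues SET Status = N'Closed' WHERE IssueID = 1;
```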
Retrieve Data Via a Web Service
Batch data operations on client
Subject class does the work
DataSet excels as data + state format
Data access and business logic reside in the app server tier
Tips for service-based data:
  Limit transaction boundaries to the app server and database
    Simpler, more maintainable logic
  Invoke services asynchronously for best client UI responsiveness
Drill Down: Design Choices for Secure Data (Offline Data)
When Offline Data Makes Sense
Offline data makes sense for…
  Truly offline work
    In the field, or on an airplane – not wireless!
  Low-contention, easily-partitioned data
    Example: my email vs. all the email on the server
  Modifying small amounts of data
Tip: Limit the size of in-memory datasets for good client performance
  Under 2MB for most applications
Where to Store Offline Data
Environment.SpecialFolder.LocalApplicationData
  Best choice for non-document data
  Company Name, Product Name, Version
Isolated Storage
  Viable alternative for partial-trust applications
  Secure from other internet apps
{userfiles}\My Documents
  Only document data
Tip: Never store user data to Program Files!
  Forces application to run with Admin privileges
Large Amounts of Offline Data
Use MSDE
  Royalty-free desktop SQL engine
  Downside: additional app to deploy to client
Best for…
  Reference data, like product catalog
  Working with large amounts of data
“Branch Office” databases
  SQL Server Merge Replication replicates local MSDE data to a central SQL Server
  Requires LAN or VPN connection
Best Practices for Secure Data
Use stored procedures, if possible
  Grant access to the stored procedures only
Use optimistic concurrency
For disconnected data, consider using DataSet
  Includes nice support for reconciling offline changes
Store offline data in LocalApplicationData
Consider MSDE for large amounts of offline data
Resources
Data Patterns and Practices: msdn.microsoft.com/practices/type/Patterns/Data
Data Access Overview: msdn.microsoft.com/vbasic/using/understanding/data