The Ins and Outs of Secure Data Access Jørgen Thyme Developer & Platform Strategy Group, Microsoft...

Posted 19-Dec-2015, category: Documents
Transcript of The Ins and Outs of Secure Data Access Jørgen Thyme Developer & Platform Strategy Group, Microsoft...

The Ins and Outs of Secure Data Access

Jørgen Thyme, Developer & Platform Strategy Group, Microsoft

[email protected]

www.rolighed.net/weblog

Today's Agenda

Best practices for building well-designed, secure, data-driven, smart client applications

Session 1: Designing and building smart clients

Patterns and practices for smart clients, IssueVision

Session 2: Securing smart client applications

Tips for secure data, CAS, encryption, and more

Session 3: The ins and outs of secure data access

Best practices for smart client data, offline data

Session 4: Deploying and maintaining smart clients

Tips for deploying and updating apps to avoid “DLL Hell”

Session Agenda

A look at data in IssueVision

Drill-Down: Design choices for secure data

Summary: Best practices for secure data

Drill Down: Design Choices for Secure Data

Stored procedures

Database credentials

DataSet vs. custom objects

Concurrency

Input validation

Retrieve data via Web services

Offline Data

Stored Procedures

Many benefits to stored procedures

Higher performance for complex queries

More secure

Can reduce network traffic: batch SQL commands, encapsulate transactions

Easier to maintain than prepared queries; encapsulates DB design

Security Tips:

Parameterize queries and stored procedures: helps avoid SQL injection attacks

Grant access only to stored procedures, not the data tables
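The two security tips above, as an added T-SQL example that is not from the presentation: a parameterized procedure whose query text is fixed, and a grant that exposes only the procedure, never the underlying table. The table, procedure and role names are assumptions for illustration.

```sql
-- Added example (not from the deck). Table, procedure and role names are assumptions.
CREATE TABLE dbo.Issues (
    IssueId    INT IDENTITY PRIMARY KEY,
    Title      NVARCHAR(200) NOT NULL,
    AssignedTo NVARCHAR(50)  NOT NULL
);
GO

-- The caller's input arrives only as a typed parameter. The SQL text never changes,
-- so quotes or keywords inside @AssignedTo are compared as data, not parsed as SQL.
CREATE PROCEDURE dbo.GetIssuesByAssignee
    @AssignedTo NVARCHAR(50)
AS
BEGIN
    SET NOCOUNT ON;
    SELECT IssueId, Title, AssignedTo
    FROM   dbo.Issues
    WHERE  AssignedTo = @AssignedTo;
END
GO

-- Anti-pattern to avoid inside a procedure: concatenating the parameter into a
-- string and running it with EXEC re-introduces injection even though the caller
-- went through a stored procedure:
--   EXEC('SELECT ... FROM dbo.Issues WHERE AssignedTo = ''' + @AssignedTo + '''')

-- The application's login is a member of this role. It receives EXECUTE on the
-- procedure only; there is deliberately no SELECT/INSERT/UPDATE/DELETE on the table,
-- so any attempt to touch dbo.Issues directly fails with a permission error.
CREATE ROLE IssueVisionApp;
GRANT EXECUTE ON dbo.GetIssuesByAssignee TO IssueVisionApp;
GO

-- Check: list what the role can do. Only the EXECUTE grant should appear.
SELECT permission_name, OBJECT_NAME(major_id) AS object_name
FROM   sys.database_permissions
WHERE  grantee_principal_id = DATABASE_PRINCIPAL_ID('IssueVisionApp');
```

The final query uses the sys.database_permissions catalog view, which exists in SQL Server 2005 and later; on the SQL Server 2000 era this deck targets, sp_helprotect gives the same information.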

Application or User Credentials

Application-level credentials

+ Better performance: takes advantage of ADO.NET connection pooling

+ Easier to implement

– No per-user permissions or auditing in database

Per-user credentials

+ Fine-grained audit and permissions in database

– Can’t use connection pooling

– Impersonation must be relayed through each application tier

DataSet vs. Custom Object

Custom data objects

Developer has full control over implementation

Can be more lightweight than DataSet

Ideal for single-instance, non-tabular data

    <Serializable()> Public Class UserSettings
        Private m_username As String
        Private m_password As String

        Public Property Username() As String
            Get
                Return m_username
            End Get
            Set(ByVal Value As String)
                m_username = Value
            End Set
        End Property
        ...
    End Class

DataSets and ADO.NET

ADO.NET: Separates data access from working with data

DataSet / DataTable

• Relational (tabular) model
• Highest performance
• Fully exposes database functionality
• Can pass between tiers

SQLXML in ADO.NET

• Interop format for the Web – B2B, A2A
• Sparse (semi-structured) data
• XML Services e.g. XQuery, XSD

ObjectSpaces

• Coming in Whidbey timeframe!
• Business objects with relational mapping

Drill Down: Design Choices for Secure Data

Stored procedures, Database credentials, DataSet vs. custom objects, Concurrency, Input validation, Retrieve data via Web services, Offline Data

Managing Concurrency

Concurrency is the policy by which updates from multiple users to the same data are managed

Optimistic concurrency

Looks for changes to original data before updating

Best choice for most Smart Client applications

“Last In Wins”

Last update overwrites all previous updates

Scales well, but provides no assurance of data integrity

Pessimistic concurrency

Locks the record for a single user

Highest assurance of data integrity

Scales poorly, negatively impacts performance

Tools for Optimistic Concurrency

Data Adapter Configuration Wizard

Saves a lot of coding effort when using DataSet

Generates DAL component and optimistically concurrent CRUD stored procedures

Optionally, a typed dataset for the selected tables
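An added T-SQL example, not from the presentation, of the kind of optimistically concurrent update procedure the wizard generates: the @Original_* parameters carry the values the client read, and the WHERE clause refuses the update if another user changed the row in between. The table, procedure name and sample rows are assumptions for illustration.

```sql
-- Added example (not from the deck). Table and procedure names are assumptions.
CREATE TABLE dbo.Issues (
    IssueId    INT IDENTITY PRIMARY KEY,
    Title      NVARCHAR(200) NOT NULL,
    AssignedTo NVARCHAR(50)  NOT NULL
);
GO

CREATE PROCEDURE dbo.UpdateIssue
    @IssueId             INT,
    @Title               NVARCHAR(200),
    @AssignedTo          NVARCHAR(50),
    @Original_Title      NVARCHAR(200),
    @Original_AssignedTo NVARCHAR(50)
AS
BEGIN
    SET NOCOUNT ON;
    -- The row is only updated if it still looks the way the client last saw it.
    -- Both columns are NOT NULL here; for nullable columns the generated code adds
    -- "OR (col IS NULL AND @Original_col IS NULL)" to each comparison.
    UPDATE dbo.Issues
    SET    Title = @Title, AssignedTo = @AssignedTo
    WHERE  IssueId    = @IssueId
      AND  Title      = @Original_Title
      AND  AssignedTo = @Original_AssignedTo;
    -- Zero matched rows means someone else changed or deleted the row: report a
    -- conflict instead of silently letting the last writer win.
    IF @@ROWCOUNT = 0
        RAISERROR('Concurrency violation: the row was changed or deleted by another user.', 16, 1);
END
GO

-- Constructed walk-through: users A and B both read the same row, A saves first.
INSERT INTO dbo.Issues (Title, AssignedTo) VALUES (N'Login fails', N'alice');
DECLARE @Id INT = SCOPE_IDENTITY();

-- A: the original values still match, so one row is updated.
EXEC dbo.UpdateIssue @Id, N'Login fails on IE', N'alice', N'Login fails', N'alice';

-- B: still holds the old Title as its original, so no row matches and the error is
-- raised. The client should re-read the row and let the user resolve the conflict.
EXEC dbo.UpdateIssue @Id, N'Login fails', N'bob', N'Login fails', N'alice';
```

On tables with many columns, a rowversion column compared in the WHERE clause serves the same purpose without passing every original value back to the server.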

Reconciling Offline Changes

DataAdapter.Update() methods

HasChanges(), GetChanges(), DiffGram

Supports ADO.NET transactions

Best for: single database applications, Web services data

SQL Merge Replication

Replicate local MSDE data to a central server

Uses resolver logic to handle conflicts

Best for: reconciling large numbers of conflicts, batch updates of “branch office” data

Tip: Offline application block

Provide loose coupling between components.

Abstract the management of connection state from the application.

Provide the same programming model for the application in both online and offline

Provide extensible interfaces for capabilities such as connection detection, and queuing.

Incorporate design patterns.

Optimistic Concurrency & Handling Conflicts

Part 1 – Concurrency Wizard / Connect to data

Part 2 – Updating data

Part 3 – Detecting and Resolving Conflicts

Drill Down: Design Choices for Secure Data

Stored procedures, Database credentials, DataSet vs. custom objects, Concurrency, Input validation, Retrieve data via Web services, Offline Data

Ensuring Valid User Input

Client validation

Handle OnRowChanging, OnColumnChanging

Encapsulates validation with the data

Good for cross-field validation within one row of data

Server validation

Always re-validate client input on the server

Tip: validate input in business logic tier

Alternative: SQL triggers and SQL-DDL

Reduces DB traffic, but requires special skills

Retrieve Data Via a Web Service

Batch data operations on client

Subject class does the work

DataSet excels as data + state format

Data access and business logic reside in the app server tier

Tips for service-based data:

Limit transaction boundaries to the app server and database

Simpler, more maintainable logic

Invoke services asynchronously for best client UI responsiveness

Retrieve Data From a Web Service

Drill Down: Design Choices for Secure Data

Stored procedures, Database credentials, DataSet vs. custom objects, Concurrency, Input validation, Retrieve data via Web services, Offline Data

When Offline Data Makes Sense

Offline data makes sense for…

Truly offline work

In the field, or on an airplane–not wireless!

Low-contention, easily-partitioned data

Example: my email—vs. all the email on the server

Modifying small amounts of data

Tip: Limit the size of in-memory datasets for good client performance

Under 2MB for most applications

Where to Store Offline Data

Environment.SpecialFolder.LocalApplicationData

Best choice for non-document data

Company Name, Product Name, Version

Isolated Storage

Viable alternative for partial-trust applications

Secure from other internet apps

{userfiles}\My Documents

Only document data

Tip: Never store user data to Program Files!

Forces application to run with Admin privileges

Large Amounts of Offline Data

Use MSDE

Royalty-free desktop SQL engine

Downside: additional app to deploy to client

Best for…

Reference data, like product catalog

Working with large amounts of data

“Branch Office” databases

SQL Server Merge Replication replicates local MSDE data to a central SQL Server

Requires LAN or VPN connection

Best Practices for Secure Data

Use stored procedures, if possible

Grant access to the stored procedures only

Use optimistic concurrency

For disconnected data, consider using DataSet

Includes nice support for reconciling offline changes

Store offline data in LocalApplicationData

Consider MSDE for large amounts of offline data

Resources

Data Patterns and Practices: msdn.microsoft.com/practices/type/Patterns/Data

Data Access Overview: msdn.microsoft.com/vbasic/using/understanding/data

© 2003-2004 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.