I have never developed an application outside my company's system, where we simply rely on Windows authentication from our domain, but I want to learn how to develop a secure application that I can connect to a remote database.
I know that it is easier to use ASP.NET because the data connections will be on the server side, but I also want to have a WPF application for administrative tasks.
Here's what I can come up with for a secure database connection:
First, you always have an SSL connection to the database. There is a default user/pass, stored in clear text in the program configuration file, which has access only to the database login procedure. The user enters their database credentials, and the default user/pass connects to the DB and passes along the credentials that the user submitted.
The procedure will then return a pair of user/pass credentials that the application will use for the rest of the user's logged-in session. Is this a good way to approach the problem? And should I also use a WCF web service as an interface instead of a direct connection?
security
greektreat