Code access security in asp.net and web services

mcowen

Programmer
Oct 21, 2001
I'm involved in a large .net project which is mainly asp.net. One of the requirements is to have all access to data made via web services. The reasoning I've been given for this approach is that this is more secure than a traditional website that accesses a database directly. If the web server is compromised then the hacker will not have access to the database and would have to cross another application domain to get it. A hacker would have access to modify code and run any code they wish. Is this really possible?

My concern is that this approach is going to be too slow. As far as security is concerned, isn't it just a matter of adding the correct code access permissions? I know that web services are superb for geographically dispersed applications, but this website is going to sit next to the SQL Server database with minimal 3rd party integration. Does anyone have any thoughts on this approach?

Matt
 
Making data available via a web service or via the application doesn't make it less or more secure. They both would require some form of authentication, and if that authentication is compromised then you have a problem.

Personally, I wouldn't go down the web service route unless you need to expose the data to various clients.


-------------------------------------------------------

Mark,
http://aspnetlibrary.com
http://mdssolutions.co.uk - Delivering professional ASP.NET solutions
http://weblogs.asp.net/marksmith
 
Web services will be slower. We use them here where I work because we need to allow an outside network to access our DB. As Mark said, this is the only time you should use them.
 
A hacker won't care about the code, only the data. The easiest way to get to the database is the connection string stored in the config file, or deconstruct the assembly and read the connection string from some variable.

If security is compromised and the hacker can access the server, they won't use the GUI or service to get the data. They'll connect directly to the database and dump the tables.

As stated before, if security is breached, it doesn't matter how you access the data, you can still access it.

Jason Meckley
Programmer
Specialty Bakers, Inc.
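
An added example, not part of the thread or any poster's code: a small audit that reports which entries in a `web.config` `<connectionStrings>` section carry a plaintext password, the exposure the post above describes. The sample config, its names and the finding labels are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config (not from the thread); all names and values are made up.
SAMPLE_CONFIG = """<?xml version="1.0"?>
<configuration>
  <connectionStrings>
    <add name="Orders" connectionString="Server=db01;Database=Orders;User Id=webapp;Password=EXAMPLE-ONLY;" />
    <add name="Reports" connectionString="Server=db01;Database=Reports;Integrated Security=SSPI;" />
    <add name="Legacy" connectionString="Data Source=db01;Initial Catalog=Old;UID=sa;PWD=EXAMPLE-ONLY" />
  </connectionStrings>
</configuration>"""

SECRET_KEYS = {"password", "pwd"}
TRUSTED_KEYS = ("integrated security", "trusted_connection")

def parse_connection_string(value):
    """Split 'key=value;key=value' into a dict with lower-cased keys."""
    pairs = {}
    for part in value.split(";"):
        if "=" in part:
            key, _, val = part.partition("=")
            pairs[key.strip().lower()] = val.strip()
    return pairs

def audit_web_config(xml_text):
    """Return {name: finding} for every entry in <connectionStrings>."""
    section = ET.fromstring(xml_text).find("connectionStrings")
    if section is None:
        return {}
    # A protected section carries configProtectionProvider and holds encrypted
    # data instead of <add> elements, so there is nothing readable to inspect.
    if section.get("configProtectionProvider"):
        return {"<section>": "encrypted"}
    findings = {}
    for entry in section.findall("add"):
        keys = parse_connection_string(entry.get("connectionString", ""))
        if SECRET_KEYS & keys.keys():
            findings[entry.get("name")] = "plaintext-password"
        elif any(keys.get(k, "").lower() in ("true", "yes", "sspi") for k in TRUSTED_KEYS):
            findings[entry.get("name")] = "integrated-auth"
        else:
            findings[entry.get("name")] = "no-credentials-found"
    return findings

if __name__ == "__main__":
    for name, finding in audit_web_config(SAMPLE_CONFIG).items():
        print(f"{name}: {finding}")
```

A section reported as encrypted is unreadable only off the server, since the key that decrypts it is held on the same machine.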
 