Improving Web Application Security: Threats and - CGISecurity

Chapter 14: Building Secure Data Access (p. 379)

Authentication

When your application connects to a SQL Server database, you have a choice of Windows authentication or SQL authentication. Windows authentication is more secure. If you must use SQL authentication, perhaps because you need to connect to the database using a number of different accounts and you want to avoid calling LogonUser, take additional steps to mitigate the additional risks as far as possible.

Note: Using LogonUser to create an impersonation token requires the powerful "Act as part of the operating system" privilege on Microsoft Windows 2000, and so this approach should be avoided.

Consider the following recommendations:

● Use Windows authentication.
● Protect the credentials for SQL authentication.
● Connect using a least privileged account.

Use Windows Authentication

Windows authentication does not send credentials over the network. If you use Windows authentication for a Web application, in most cases, you use a service account or a process account, such as the ASPNET account, to connect to the database. Windows and SQL Server must both recognize the account you use on the database server. The account must be granted a login to SQL Server, and the login needs to have associated permissions to access a database.

When you use Windows authentication, you use a trusted connection. The following code fragments show typical connection strings that use Windows authentication.

The example below uses the ADO.NET data provider for SQL Server:

    SqlConnection pubsConn = new SqlConnection(
        "server=dbserver; database=pubs; Integrated Security=SSPI;");

The example below uses the ADO.NET data provider for OLE DB data sources:

    OleDbConnection pubsConn = new OleDbConnection(
        "Provider=SQLOLEDB; Data Source=dbserver; Integrated Security=SSPI;" +
        "Initial Catalog=northwind");
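As an added example (not code from the book), the following C# program builds the trusted connection string recommended above with SqlConnectionStringBuilder instead of string concatenation, and audits an arbitrary connection string for the risks the chapter names: SQL authentication, a password embedded in the string, and a highly privileged login. The DataAccessAudit class, the constructed sample string and the check for the built-in "sa" login are assumptions of this example.

```csharp
using System;
using System.Collections.Generic;
using System.Data.SqlClient;

static class DataAccessAudit
{
    // Build a Windows-authentication (trusted) connection string via the builder,
    // so keys are quoted/escaped correctly and no credentials appear in the string.
    public static string TrustedConnectionString(string server, string database)
    {
        var b = new SqlConnectionStringBuilder
        {
            DataSource = server,
            InitialCatalog = database,
            IntegratedSecurity = true   // equivalent to "Integrated Security=SSPI"
        };
        return b.ConnectionString;
    }

    // Parse a connection string and return findings; an empty list means it follows
    // the chapter's recommendations (Windows auth, no embedded credentials).
    public static List<string> Audit(string connectionString)
    {
        var b = new SqlConnectionStringBuilder(connectionString); // accepts synonyms: server, uid, pwd
        var findings = new List<string>();

        if (!b.IntegratedSecurity)
        {
            findings.Add("SQL authentication in use; prefer Windows authentication.");
            if (!string.IsNullOrEmpty(b.Password))
                findings.Add("Password embedded in connection string; protect the credentials outside code.");
            // Assumption of this example: treat the built-in 'sa' login as not least privileged.
            if (string.Equals(b.UserID, "sa", StringComparison.OrdinalIgnoreCase))
                findings.Add("Connecting as 'sa'; connect using a least privileged account.");
        }
        return findings;
    }

    static void Main()
    {
        Console.WriteLine(TrustedConnectionString("dbserver", "pubs"));

        // Constructed sample showing the pattern the chapter advises against.
        foreach (var f in Audit("server=dbserver; database=pubs; uid=sa; pwd=constructed-sample"))
            Console.WriteLine("- " + f);
    }
}
```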
