Integration Question

mike

Hi,

I am writing a C# assembly that will be used in another application. The
assembly needs to use some of the data in the MS SQL DB that this
application uses. The security is very tight on this application because it
is a third party business application. I am trying to come up with some
solutions to share this data between the third party application and the
assembly. I was thinking of designing some stored procedures and just call
them in the assembly. Or I could create a temporary data storage for the
data. If I do create stored procedures I would need to pass a user name and
password or hardcode it in the assembly. I am leaning toward the stored
procedures because I need to load the data into a dataset to do some
advanced changes. Any suggestions?

Thanks
 
If your only 2 options are passing the credentials and hard-coding the
credentials, I would definitely pass them. Hard-coding is never a good idea
because all it takes is someone getting a hold of your assembly and opening
it up in a hex editor and looking up the credentials. Once they have your
assembly, it’s just a matter of time before they locate it and crack it (if it’s
been encrypted). Now your security has been compromised. Updating the code
now to supply new credentials becomes a headache, plus the crackers already
know where to look in your next version.

Passing the credentials is the lesser of the 2 evils but still isn’t the
best method. The best method is to prompt the user for them when they are
required and cache them in memory. This isn’t always possible or user
friendly, but it is the most secure.

Regards,
DlgProc.
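
A sketch of the "pass the credentials" option discussed in this thread, added as an example and not code from either poster. It assumes SQL authentication and .NET Framework 4.5+ `System.Data.SqlClient`; the class name `ReportDataLoader`, the `@CustomerId` parameter and the server, database and procedure names supplied by the caller are hypothetical.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Security;

// Hypothetical helper class; every name the caller supplies is a placeholder.
public sealed class ReportDataLoader
{
    private readonly string _connectionString;
    private readonly SqlCredential _credential; // held in memory only, never written to disk

    // The host application passes the login in; nothing is compiled into the assembly.
    public ReportDataLoader(string server, string database, string userId, SecureString password)
    {
        if (password == null) throw new ArgumentNullException(nameof(password));
        password.MakeReadOnly(); // SqlCredential requires a read-only SecureString

        _credential = new SqlCredential(userId, password);

        // No User ID / Password keywords here: they travel in the SqlCredential instead,
        // so the connection string is safe to log or display.
        var builder = new SqlConnectionStringBuilder
        {
            DataSource = server,
            InitialCatalog = database,
            Encrypt = true,
            PersistSecurityInfo = false
        };
        _connectionString = builder.ConnectionString;
    }

    // Calls a stored procedure and returns the rows in a DataSet for further processing.
    public DataSet Load(string procedureName, int customerId)
    {
        using (var connection = new SqlConnection(_connectionString, _credential))
        using (var command = new SqlCommand(procedureName, connection))
        using (var adapter = new SqlDataAdapter(command))
        {
            command.CommandType = CommandType.StoredProcedure;
            command.Parameters.Add("@CustomerId", SqlDbType.Int).Value = customerId;

            var data = new DataSet();
            adapter.Fill(data); // Fill opens and closes the connection itself
            return data;
        }
    }
}
```

The SQL login used here can be limited to EXECUTE permission on the procedures the assembly calls, so it needs no direct table access.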
 