Pass SecureString value to SQLS Stored Procedure

F

FredZimmerman

Is there a way to pass SecureString value (from C# web application) to
a SQL 2005 stored procedure as Input parameter?

How is it handled from both sides (application, and stored procedure)?

Thanks,

Fred (Atlanta)
 
B

Ben Voigt [C++ MVP]

Is there a way to pass SecureString value (from C# web application) to
a SQL 2005 stored procedure as Input parameter?

How is it handled from both sides (application, and stored procedure)?
Click to expand...

No! Sending values to SQL Server is not secure, it can appear in the trace
log or be seen by a packet sniffer. You need to encrypt or hash the value
in your application, then the coded value can be stored and sent using a
normal System.String
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Call stored procedure with paremeter output in c# 7
Call stored procedure in SSMS from Access 2016 doesn't work. 0
Dynamic Crystal Report in VB.Net 2005 1
Invalid Column Name Sql-Error :Executing a stored procedure 1
passing date values 6
Failed to convert parameter value from a SqlParameter to a DateTime. 2
stored procedure and return value 6
Parse string from C# to stored procedure 4

Top