从WPF保存到SQL Server数据库 [英] Saving to SQL Server database from WPF

问题描述

我在Azure上托管了一个SQL Server数据库.我需要将使用WPF应用程序的多个PC用户的数据写入此数据库.

I have a SQL Server database hosted on Azure. I need to write data from multiple PC users that are using WPF app to this database.

假设WPF应用程序被多个用户使用，是否可以安全地将连接字符串保存在 app.config 文件中?将数据从Windows应用程序保存到共享数据库的最佳实践是什么?

Assuming that WPF app is used by multiple users is it safe to save connection string in app.config file? What are the best practices for saving data from a Windows app into a shared database?

恐怕用户可以利用存储在 app.config 中的连接字符串来操纵数据.

I'm afraid that users can manipulate data by utilizing connection string stored in app.config.

推荐答案

假设WPF应用程序被多个用户使用，则可以安全保存app.config文件中的连接字符串?

Assuming that WPF app is used by multiple users is it safe to save connection string in app.config file?

恕我直言，以纯文本存储连接字符串永远都不安全.用户可以连接到应用程序外部的数据库，并对您的数据库造成严重破坏，这是绝对正确的.

IMHO, it is never safe to store connection string in plain text. You're absolutely correct that users can connect to the database outside of your application and cause some serious damage to your database.

我想到的一些事情是:

• 加密连接字符串，并使用它而不是存储未加密的连接字符串.
• 使用基于Azure AD的访问控制.最近，Azure团队宣布可以使用Azure AD凭据连接到SQL数据库.这样，您可以在用户连接到数据库之前对其进行身份验证.您可以在此处了解更多信息: https://azure.microsoft.com/zh-CN/documentation/articles/sql-database-aad-authentication/.

• Encrypt the connection string and use that instead of storing connection string unencrypted.
• Use Azure AD based access control. Recently Azure team announced availability of connecting to a SQL Database using Azure AD credentials. This way you can authenticate the users before they connect to your database. You can read more about it here: https://azure.microsoft.com/en-in/documentation/articles/sql-database-aad-authentication/.

您可能还会发现以下文章对保护Azure SQL数据库很有用: https://azure.microsoft.com/en-us/documentation/articles/sql-database-security-guidelines/.

You may also find the following article useful in securing your Azure SQL Database: https://azure.microsoft.com/en-us/documentation/articles/sql-database-security-guidelines/.

这篇关于从WPF保存到SQL Server数据库的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！