Using LINQ to Automatically Protect Your Application from SQL Injection

Developing a secure application is always a challenge. Security, unfortunately, is often the last thing that is thought of when applications are created. On a tight schedule, in circumstances where corners need to be cut, application security often suffers.
SQL Injection Attacks are something that every application developer must keep an eye on when they are building their application. Traditionally, parameterized queries are used to prevent SQL injection.
When LINQ to SQL code is executed, queries are automatically parameterized for you. Because of this, even when a developer rushes something or adequate time is not devoted to security during the project, there is a higher likelihood that the application will still be protected from these attacks.
For example, the following LINQ select statement:
var query = from person in dbo.Person where person.Name == txtPersonName.Text select person;
translates to:
SELECT [t0].[PersonID], [t0].[PersonName] FROM [dbo].[Person] AS [t0] WHERE [t0].[PersonName] = @p0

The value of txtPersonName.Text is sent separately as the parameter @p0, so whatever the user typed is treated as data rather than as part of the SQL text.
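To make the difference concrete, here is an added example (not code from the original post) that puts a string-concatenated ADO.NET command next to the LINQ to SQL query the post describes and prints the SQL LINQ actually generates. The Person entity, the PersonLookup class, and the connection string are assumptions made for the example; the column names follow the generated SQL shown above.

```csharp
using System;
using System.Data.Linq;
using System.Data.Linq.Mapping;
using System.Data.SqlClient;
using System.Linq;

// Hypothetical entity mapped to dbo.Person (assumed for this example).
[Table(Name = "dbo.Person")]
public class Person
{
    [Column(IsPrimaryKey = true)]
    public int PersonID { get; set; }

    [Column]
    public string PersonName { get; set; }
}

public static class PersonLookup
{
    // VULNERABLE: the user-supplied text is spliced into the SQL itself, so a quote
    // character in the input changes the query's structure instead of its value.
    public static SqlCommand BuildUnsafeCommand(SqlConnection conn, string userInput)
    {
        var sql = "SELECT PersonID, PersonName FROM dbo.Person WHERE PersonName = '" + userInput + "'";
        return new SqlCommand(sql, conn);
    }

    // SAFE: LINQ to SQL translates this into "WHERE [t0].[PersonName] = @p0" and sends
    // the input as the value of @p0, never as part of the SQL text.
    public static IQueryable<Person> FindByName(DataContext db, string userInput)
    {
        return from person in db.GetTable<Person>()
               where person.PersonName == userInput
               select person;
    }

    public static void Main()
    {
        // Constructed sample input containing a quote, the character that breaks the unsafe version.
        var userInput = "O'Brien";
        var connectionString = "Server=.;Database=Demo;Integrated Security=true"; // placeholder

        using (var db = new DataContext(connectionString))
        {
            db.Log = Console.Out; // echoes generated SQL plus parameter values when a query runs
            var query = FindByName(db, userInput);
            // GetCommand shows the text that would execute: the name appears only as @p0.
            Console.WriteLine(db.GetCommand(query).CommandText);
        }
    }
}
```

GetCommand builds the command without opening a connection, so the generated text can be inspected before anything is executed.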
Although there are other things to consider when securing your application, I hope this tidbit can bring a little peace of mind to you and your client.