The following code calls the RSA encryption routine and saves its result to the UserProperties table, as previously
described. The table now contains two records. Note that the ciphertext produced by the certificate (RSA) encryption
approach is much longer than the AES ciphertext:
    class Program
    {
        static void Main(string[] args)
        {
            // Declare the encryption object and encrypt our secret values:
            // once with AES (symmetric key) and once with the certificate (RSA)
            Encryption e = new Encryption();
            CipherText ct = e.EncryptAES("secret value goes here...");
            CipherText ct2 = e.EncryptByCert("another secret!!!");

            // Persist both ciphertexts to the UserProperties table under distinct property names
            UserProperties.Save("MySecret", ct);
            UserProperties.Save("MySecret2", ct2);
        }
    }
Access Control
So far, you've spent a lot of time encrypting and hashing values for increased confidentiality and integrity. However,
another important aspect of the CIA triad is access control. This section reviews two subcategories of access control:
authentication (also referred to as AUTHN) and authorization (AUTHZ).
Authentication (AUTHN)
AUTHN is the process that verifies you're indeed who you say you are. In SQL Server, AUTHN is done through one of
two mechanisms: network credentials (handled through Kerberos authentication over the Security Support Provider
Interface [SSPI]) or SQL Server credentials. The connection string must specify which AUTHN mechanism is being used.
When you use SQL Server AUTHN, a password must be provided before attempting to connect, either by a user at
runtime or from a configuration file.
Keep the following items in mind when you're considering AUTHN with SQL Database:
No network authentication. Because SQL Database isn't on your network, network AUTHN isn't available. This means
you must use SQL AUTHN at all times and that you must store passwords in your applications (in configuration files,
preferably). You may want to store your passwords encrypted. Although you can encrypt sections of your configuration
files in Windows using the aspnet_regiis.exe utility, this option isn't available in Windows Azure using the default
providers. However, you can encrypt sections of your web configuration file using a custom configuration provider:
PKCS12 (found on the MSDN Code Gallery). For more information on how to use this custom provider, visit
http://tinyurl.com/9ta8m5u .

Strong passwords. SQL Database requires the use of strong passwords. This option can't be disabled, which is a good
thing. A strong password must be at least eight characters long; must combine letters, numbers, and symbols; and
can't be a word found in a dictionary.

Login name limitations. Certain login names aren't available, such as sa, admin, and guest. These logins can't be
created. You should also refrain from using the @ symbol in your login names; this symbol is used to separate a user
name from a machine name, which may be needed at times.
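The following is an added example, not code from the book or its sample project, showing how an application can
check the three points above before building a SQL AUTHN connection string for SQL Database: the login name avoids
the reserved names and the @ symbol, the password satisfies the length and character-class rules (the dictionary-word
rule is not implemented here, since it needs a word list), and Integrated Security is explicitly turned off because network
AUTHN isn't available. The class name SqlDatabaseAuthChecks, the server and database names, and the password literal
are placeholders; in a real application the password would come from an (encrypted) configuration section.

```csharp
using System;
using System.Data.SqlClient;
using System.Linq;

// Added example (not from the book): pre-flight checks for SQL Database logins.
static class SqlDatabaseAuthChecks
{
    // Login names the text says can't be created in SQL Database.
    static readonly string[] ReservedLogins = { "sa", "admin", "guest" };

    public static bool IsAcceptableLoginName(string login)
    {
        if (string.IsNullOrWhiteSpace(login)) return false;
        if (ReservedLogins.Contains(login, StringComparer.OrdinalIgnoreCase)) return false;
        // '@' is reserved for separating the user name from the server name (login@server).
        if (login.IndexOf('@') >= 0) return false;
        return true;
    }

    // Strong-password rule from the text: at least 8 characters, combining
    // letters, numbers and symbols. Dictionary-word check intentionally omitted.
    public static bool IsStrongPassword(string password)
    {
        if (password == null || password.Length < 8) return false;
        bool hasLetter = password.Any(char.IsLetter);
        bool hasDigit = password.Any(char.IsDigit);
        bool hasSymbol = password.Any(c => !char.IsLetterOrDigit(c) && !char.IsWhiteSpace(c));
        return hasLetter && hasDigit && hasSymbol;
    }

    // Builds a SQL-authentication connection string. IntegratedSecurity is false
    // because Kerberos/SSPI network AUTHN isn't available against SQL Database;
    // Encrypt=true keeps the credential off the wire in clear text.
    public static string BuildConnectionString(string server, string database, string login, string password)
    {
        if (!IsAcceptableLoginName(login))
            throw new ArgumentException("Login name is reserved or contains '@'.", "login");
        if (!IsStrongPassword(password))
            throw new ArgumentException("Password does not meet SQL Database strong-password rules.", "password");

        var builder = new SqlConnectionStringBuilder
        {
            DataSource = server,
            InitialCatalog = database,
            UserID = login,
            Password = password,
            IntegratedSecurity = false,
            Encrypt = true,
            TrustServerCertificate = false
        };
        return builder.ConnectionString;
    }
}

class Program
{
    static void Main(string[] args)
    {
        // Placeholder values; the password would normally be read from an encrypted
        // configuration section rather than appearing as a literal.
        string cs = SqlDatabaseAuthChecks.BuildConnectionString(
            "tcp:yourserver.database.windows.net,1433", "YourDatabase", "appuser", "Ex4mple!Pass");
        Console.WriteLine(cs);

        // These fail the checks described in the text.
        Console.WriteLine(SqlDatabaseAuthChecks.IsAcceptableLoginName("sa"));          // False
        Console.WriteLine(SqlDatabaseAuthChecks.IsAcceptableLoginName("user@host"));   // False
        Console.WriteLine(SqlDatabaseAuthChecks.IsStrongPassword("password1"));        // False (no symbol)
    }
}
```

Running the checks at startup turns a confusing login failure from SQL Database into a clear configuration error, and
keeping IntegratedSecurity explicitly false makes the AUTHN mechanism visible in the connection string rather than
relying on the provider's default.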