What is the best practice and most secure solution when connecting from a .NET 4.0 application to SQL Server in 2008?

And how is this done in C# / VB?

I thought of connecting from the application to the SQL Server's database over an encrypted connection and then by using something called Application Roles.

Would this be a good approach?

A: 

If you are connecting over an untrusted network (like the internet) then I recommend using a VPN.

Rook

A: 

This is a very open question with no correct answer unless you can itemize the threats that concern you. Once you know which threats are of concern, the question can be answered correctly.

Do you care about:

1) tampering with the data as it goes from Client <-> Server?
2) server authentication?
3) client authentication?
4) disclosure of data as it goes from Client <-> Server?

Michael Howard-MSFT
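
The encrypted connection and application role that the question asks about, annotated with the four threats listed in the answer above. This is an added example, not code from either answerer; the server, database, role and environment variable names are hypothetical placeholders.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class SecureSqlExample
{
    static void Main()
    {
        var csb = new SqlConnectionStringBuilder
        {
            DataSource = "sql01.example.internal", // hypothetical server name
            InitialCatalog = "AppDb",              // hypothetical database name
            IntegratedSecurity = true,      // threat 3: client authenticates with its Windows identity
            Encrypt = true,                 // threats 1 and 4: SSL/TLS protects integrity and confidentiality in transit
            TrustServerCertificate = false, // threat 2: the server certificate must validate, or Open() fails
            Pooling = false                 // an activated role stays on the session, so keep it out of the pool
        };

        // Assumption: the role password is provisioned outside the source code.
        string rolePassword = Environment.GetEnvironmentVariable("APPROLE_PASSWORD");
        if (string.IsNullOrEmpty(rolePassword))
            throw new InvalidOperationException("APPROLE_PASSWORD is not set.");

        using (var conn = new SqlConnection(csb.ConnectionString))
        {
            conn.Open();

            // Switch the session from the caller's own permissions to the role's.
            using (var cmd = new SqlCommand("sp_setapprole", conn))
            {
                cmd.CommandType = CommandType.StoredProcedure;
                cmd.Parameters.AddWithValue("@rolename", "app_orders"); // hypothetical role
                cmd.Parameters.AddWithValue("@password", rolePassword);
                cmd.ExecuteNonQuery();
            }

            // Confirm which security context the session now runs under.
            using (var cmd = new SqlCommand("SELECT USER_NAME()", conn))
            {
                Console.WriteLine("Running as: " + cmd.ExecuteScalar());
            }
        }
    }
}
```

The role password has to be available to the client process, so anyone who can read it there can activate the role from another tool; the role's permissions should be scoped with that in mind.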