tags:

views:

33

answers:

1
Q: 

Secure xml messages being read from database into app.

I have an app that reads xml from a database using NHibernate Dal. The dal calls stored procedures to read and encapsulate the data from the schema into an xml message, wrap it up to a message and enqueue it on an internal queue for processing.

I would to secure the channel from the database reads to the dequeue action. What would be the best way to do it. I was thinking of signing the xml using System.Security.Cryptography.Xml namespace, but is their any other techniques or approaches I need to know about?

Any help would be appreciated. Bob.

A: 

The two things you need to be privy to are constraining access to data in transit and filtering input in prevention of code injection.

There are multiple way to constrain the data in transit, but they not be practical for your application configuration. By not securing that tranmission the data is open to eavesdropping and interference. You can digitally sign the packets as this would provide a mechanism for authentication. You can encrypt the data as this would provide confidentiality. You can also perform a hash comparison upon the final payload as this would provide integrity. If you are not taking into account confidentiality, integrity, or authorization then you have no security.

As far as the best way that I do not know. The best way is what is most efficient with regard to processing and I/O versus the degree of risk that is acceptable to your organization.

 2010-05-11 09:26:06
Austin,I'm looking for two scenario patterns. What would be the appropriate classes in c# to sign, encrypt and hash compare messages coming into dll from db, and messages sent between two dll's.
scope_creep  2010-05-11 15:44:17
Austin, I've managed to determine the implementation of the three points you described. Thanks.
scope_creep  2010-05-12 15:28:16

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?