C# - 安全地连接到远程SQL Server?
[英]C# - Connect to remote SQL Server securely?
问题描述
I know it's easy to connect to a SQL Server database however I'm not sure how I'm supposed to do it remotely and on the same time.. with a secure way . 
我知道连接到SQL Server数据库很容易但是我不确定我应该如何远程地同时进行...以安全的方式。
SqlConnection sqlConnection = this.sqlcon();
SqlCommand insertCommand = new SqlCommand("use " + database_telecaster.ToString() + " SELECT Top 1 sid from dbo.Item order by sid desc", sqlConnection);
sqlConnection.Open();
insertCommand.ExecuteNonQuery();
SqlDataReader reader = insertCommand.ExecuteReader();
while (reader.Read())
{
MaxSid = (reader.GetInt64(0) + 100).ToString();
}
reader.Close();
sqlConnection.Close();
SQL Server con function : SQL Server con函数:
public SqlConnection sqlcon()
{
var doc = new XPathDocument(Application.StartupPath + "/DBConn.xml");
var navigator = doc.CreateNavigator();
var serverName = navigator.SelectSingleNode("//appsettings/servername");
var username = navigator.SelectSingleNode("//appsettings/username");
var password = navigator.SelectSingleNode("//appsettings/password");
var database = navigator.SelectSingleNode("//appsettings/database");
object[] objArray = new object[] {
serverName , database, username , password
};
return new SqlConnection(string.Format("Data Source={0};Initial Catalog={1};User Id={2};Password={3};MultipleActiveResultSets = True", objArray));
}
Assuming that the SQL Server is on a Windows VPS installed and I'm going to give my software to different people and I want them all to access that SQL server... how I can do that without opening the ports of the SQL Server ? 假设SQL Server安装在Windows VPS上,我将把我的软件提供给不同的人,我希望他们都能访问该SQL服务器......如何在不打开SQL Server端口的情况下做到这一点? Because as far as I know opening the ports will lead to getting hacked since all people will be able to connect remotely to that server . 因为据我所知,打开端口会导致被黑客入侵,因为所有人都可以远程连接到该服务器。
1 个解决方案
解决方案1
5 已采纳 2016-02-13 14:43:53
This questions reminds me of me when I was getting started... 当我开始时,这个问题让我想起了我......
Whatever you do, do not connect to the database directly, because to connect directly you would have to store the database connection strings (and passwords) within your application... you could obfuscate it, make it as obscure as you like, it wont make a difference... You'll essentially hand over the keys to the castle. 无论你做什么,都不要直接连接到数据库,因为要直接连接你必须在你的应用程序中存储数据库连接字符串(和密码)......你可能会混淆它,让它像你想的那样模糊,它不会有所作为......你基本上将钥匙交给了城堡。
Instead, you need to start learning how to create an API, that authenticates the client and connects to the data layer on the clients behalf, performs the operations requested and then returns the result. 相反,您需要开始学习如何创建API,对客户端进行身份验证并代表客户端连接到数据层,执行请求的操作,然后返回结果。
Personally, I would use ASP.NET Web API , it's the right tool for the job. 就个人而言,我会使用ASP.NET Web API ,它是正确的工具。 There is a slight learning curve to it but just stick with it and you'll have it figured out in a few days. 它有一个轻微的学习曲线,但只是坚持下去,你会在几天内弄明白。 Start off with these PluralSight videos , they're an excellent resource which is completely free thanks to Microsoft, and they'll certainly keep you busy! 从这些PluralSight视频开始 ,它们是一个非常好的资源,完全免费得益于微软,它们肯定会让你忙碌!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.