Application security is something most of us want to ignore. We just want to focus on the functionality of the application, and we wish hackers would just leave us alone. The problem is that we must be aware of security issues and we need to write our programs in a responsible way to spare ourselves the embarrassment and losses that hackers can cause.
Staying current with the latest security patches, running antivirus software, and providing firewalls with logging software are great starting points for implementing security, but writing secure code is equally, if not more, important.
This chapter is not meant to be a complete lesson on application security; entire books are available on this topic. It does, however, offer a lengthy application security overview, which includes Microsoft Windows security and code access security (CAS). This will give you enough information to understand Microsoft ADO.NET security, which is covered later in this chapter.
If you already feel comfortable with Windows security and CAS, skip to the last part of this chapter, which covers ADO.NET security issues, general tips, and ideas for how to make your data more secure.