Home/ Questions/Q 7972189
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-04T07:48:02+00:00

I have worked on a desktop application which I have created using the combination

  • 0

I have worked on a desktop application which I have created using the combination of WPF, WCF, EF 4 and SQL Seerver 2008 R2.

Now I have to prepare my software for security audit and I need to know what best I can do for ensuring security parameters in my application. Currently I’m using WCF Service authentication with Active Directory.

To my knowledge following things I can do to make my application more secure:

  • Code Obfuscation — to secure code base
  • Can use TDE — to secure the database and encrypt confidential tables.
  • Can use SSL — to secure communication channel (Any good article on this can helps a lot coz I didn’t found any thing good which can explain like how to do this for intranet desktop application)

What else I can do to secure the application. I’m still not clear on how to secure the communication channel between client <–> Server and Server <–> database.

Any help will be greatly appreciated. Thanks..

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Don’t waste your time with obfuscation. Good security is transparent. Obfuscation is only useful for protecting intellectual property, and even then that’s debatable.

    Anyways, it sounds like you want to focus on a few things:

    1. Obtain an SSL server certificate for your application server and also for your SQL Server. If you don’t want to spend the money on one, you can create your own PKI or self-signed certificate authority. I wouldn’t recommend self-signed for production, and rolling your own PKI shouldn’t be taken lightly, either.

    2. Use protocol encryption to secure the connection between your application and the SQL Server instance.

    3. Use binding that requires transport security to make your WCF communication use SSL. http://msdn.microsoft.com/en-us/library/ms734679.aspx

      http://social.msdn.microsoft.com/Forums/en-US/wcf/thread/b361ee9e-2f37-4ecf-ba8b-96c6d6e6118a

    4. Audit your authentication routines. Are you hashing and salting passwords? Do you audit security events (login, logout, failed attempts)? Do you lock accounts after a certain number of failed attempts? So on and so forth. It would be helpful to work with whomever is auditing you to get a feel for what they will be looking for.

    • 0