Connection string: which one is more secure Linq to Sql or Entity Framework

Question

Hello I have to make a new windows project using remote sql server database. To make a decision regarding the choice between Linq to Sql and the Entity Framework I initially created two identical test projects the unique difference was data access technology to compare the performance between these two technologies I noticed that the EF project is about 4 times slower. Now I'd like to be helped on the question of security: Having to use an encryption of the connection string in the App.config file I wonder if there would still be vulnerabilities in the use of data models. Dbml or. Edmx Also I wonder how to configure remote (Windows Server / SQL Server 2008) and the local (Windows 7 / application) to establish connection with integrated security (Windows). Thanks in advance

Muralidharan Deenathayalan · Answer

In which machine sql server instance is running on the remote machine correct ? In this caseif you run the application from your machine then windows authentication will take your local system user name and password. If the sql server and application is on the same machine then you can try the below one. 1) Hold shift key + Right click on your exe application. 2) Run as different user 3) Give the user name password. Do you have any issues to run the application on sql server authentication ?

Samio · Answer

Not yet I steel look for a good comparison between L2SQL and EF connection methods to see then which encryption way to use.

Muralidharan Deenathayalan · Answer

Have you encrpted the connection stirng?

Samio · Answer

Using Windows Server Start -> Computer -> Manage I created a new user credentials At SQL Server Security -> Logins I added that user specifying windows authentication and also made related configurations for mappings permissions and so on. At My desktop side I created a new windows session with the same credentials. Then I had the choice to connect the app. from inside the related user session or using the method like you specified above: 1) Hold shift key + Right click on your exe application. 2) Run as different user 3) Give the user name password. That's it. The most important in all this is the question (Title of thisTopic) and till now remain without answer ...

Muralidharan Deenathayalan · Answer

How you have connected the sql server can you please post that information here? http://www.c-sharpcorner.com/Forums/Thread/165535/secure-connection-string-in-app-config-C-Sharp.aspx http://stackoverflow.com/questions/1335413/entity-framework-encrypt-connection-string

Samio · Answer

Finally I could connect my local application to the remote sql server using Windows Authentication without having to use Active Directory feature. Now I'm looking for a simple way to encrypt the connection string in the App.config any idea please?

Samio · Answer

Previously you asked:  In which machine sql server instance is running on the remote machine correct ? My answer is YES. SQL Server is on a remote server and the client application is windows type and it is istalled on some client desktops not belonging to same groups or networks.

Muralidharan Deenathayalan · Answer

As long as the application and the sql server is in the same machine you no need to have Active Directory.

Samio · Answer

Hi Murali From your last post I assume that I have to create a windows session with my credentials same as my local session credentials ? right ? I do not have to configure any Active Directory ?

Samio · Answer

Hi Murali Can I use Windows authentication without having domain controler ?

Muralidharan Deenathayalan · Answer

You can encrypt the connectionstring in app.config file. if the remote is in the same Active Directory then you can use windows authentication (which is more secure) otherwise you can use sql server authentication to connect the sql server. http://itzkumar.wordpress.com/2009/09/18/windows-authentication-vs-sql-server-authentication/

Muralidharan Deenathayalan · Answer

Then I guess you have to use sql authentication.