by Paul Litwin
- Don’t trust user input, ever. Use validation controls, regular expressions, code and other methods to validate every single textbox entry.
- Avoid dynamic SQL. Instead, use parameterized SQL or stored procedures.
- Never link a database to an admin-level account. Always use a limited access account to connect to the database.
- Encrypt or hash passwords and connection strings. Never leave this kind of sensitive information as plain text.
- Keep error messages at a high level. The more information those messages have, the more clues they can provide to hackers.
Summary from ITBusinessnet
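The list above describes the defences without showing them in code. The following is an added example (not Litwin's code and not from ITBusinessnet) that puts four of the five points side by side on an in-memory SQLite table: a whitelist input validator, the dynamic-SQL query next to its parameterized replacement, a salted password hash for stored credentials, and a lookup wrapper that returns only a generic message to the caller while the detailed error goes to the log. The table, the rows, the `username` regex and the `lookup_user` response shape are all constructed for the demonstration.

```python
import hashlib
import logging
import re
import sqlite3

# Constructed sample data: two users with already-hashed passwords.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", hash_password("alice-pw", b"salt-a")),
         ("bob", hash_password("bob-pw", b"salt-b"))],
    )
    return conn

# Point 5: store a salted, iterated hash rather than the plain-text password.
def hash_password(password: str, salt: bytes) -> str:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000).hex()

# Point 1: validate every field with a whitelist before it reaches the database.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")  # assumed policy for this example

def is_valid_username(value: str) -> bool:
    return USERNAME_RE.fullmatch(value) is not None

# Point 2 (what to avoid): the SQL text is assembled from the user's input,
# so a quote in the input changes the structure of the query.
def count_users_dynamic(conn, username: str) -> int:
    sql = "SELECT COUNT(*) FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchone()[0]

# Point 2 (what to do): the driver binds the value; it is never parsed as SQL.
def count_users_param(conn, username: str) -> int:
    sql = "SELECT COUNT(*) FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchone()[0]

# Point 6: the caller sees only a high-level message; details stay in the log.
def lookup_user(conn, username: str) -> dict:
    if not is_valid_username(username):
        return {"ok": False, "message": "Invalid username."}
    try:
        found = count_users_param(conn, username) > 0
    except sqlite3.Error:
        logging.exception("database error during user lookup")
        return {"ok": False, "message": "Request could not be processed."}
    return {"ok": True, "found": found}

if __name__ == "__main__":
    db = make_db()
    probe = "x' OR '1'='1"  # constructed input containing a quote
    print("dynamic SQL matched rows:", count_users_dynamic(db, probe))   # 2: query structure changed
    print("parameterized matched rows:", count_users_param(db, probe))   # 0: treated as a literal
    print(lookup_user(db, probe))  # rejected by validation before any query runs
```

Point 4 (a limited-privilege database account) is a deployment setting rather than application code: the connection string used by `sqlite3.connect` or its ADO.NET equivalent should name an account granted only the SELECT/INSERT rights the application needs.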