Unauthorized access of our Data Access Layer


Mar 11, 2005
Programming Experience
To simplify our own situation lets say we have clear seperation of the three layers with the Presentation, Business and Data Access Layers in their own seperate DLLs, but on the same client machine. Our DAL DLL is obfuscated and holds our single service account to access the database.

We are presuming it is at least very difficult even with someone having access to the obfuscated DLL they would have a difficult time determining the userid and password of our one service account that can access our SQL Server database. Still, how do we stop someone from writing their own code and directly accessing the DAL DLL to change our datbase?

We considered sending a hidden key between the layers of the obfuscated DLLs, and even possibly adding an extra layer of encryption using Public and Private keys. Still, every single time a database access is requested would require this key encryption and decryption when 99.9999% of the time it is unnecessary. Is there a quicker and cleaner way of doing this?


Latest posts

Top Bottom