Data Connectivity Security with ADO.NET

Microsoft devoted significant effort toward addressing security in regard to ADO.NET and the CLR itself, providing tremendous advances for the platform. Code access security (an important feature of the .NET Framework) helps to limit access to protected resources.

Systems administrators can define a security policy that very precisely identifies which functions users or assemblies will be allowed to access. By contrast, an application that includes unmanaged code cannot take advantage of these security capabilities.

Microsoft's MSDN document, "Secure Coding Guidelines for the .NET Framework", states;

"Some library code may need to call into unmanaged code. Because this requires going outside the security perimeter for managed code, due caution is required... because any managed code that affords a code path into native code is a potential target for malicious code. Determining which unmanaged code can be safely used and how it must be used requires extreme care."

With managed code, the application does not have direct access to pointers, machine registers or memory. 100% managed code is fully controlled by security policies within the .NET Framework. The .NET Framework enforces security by causing potentially dangerous actions to fail with a security violation exception. Buffer overruns, which are a common type of security hole, are virtually impossible with 100% managed code.