Best Practices for Secure Programming
Database Use in Applications
Certain precautions should be taken when using databases in applications:
- Databases usually require logins -- don't hard-code the username/password
in your app's source or binary (it ends up in version control and can be
recovered from the executable). Keep them in a separate file with restrictive
OS permissions (readable only by the account the app runs as), and have the
app refuse to use the file if it is group- or world-readable.
- Again, validate input, but don't rely on sanitizing alone to avoid SQL
injection: never build SQL statements by concatenating user input. Use
parameterized queries (prepared statements) so the database receives user
input as data and never parses it as part of the statement.
- Keep the database on a machine separate from the front-end application,
protected by a firewall that admits only the application hosts, OR keep the
DB on the same machine with no network access (listening only on a local
socket or the loopback interface).
- If accessed over a network, encrypt the connection (TLS) and have the
client verify the server's certificate; otherwise the login credentials and
every query result travel in cleartext.
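The following is an added example (not code from the original page) that
demonstrates the first two points above in Python with the standard-library
sqlite3 driver. It contrasts a query built by string concatenation with a
parameterized one against a constructed in-memory users table, and it reads
DB credentials from a separate file that it creates with mode 0600 and
refuses to use if group or other can read it. The table contents, the
credentials file name and the injection string are all made up for the demo.

```python
import json
import os
import sqlite3
import stat
import tempfile

# Constructed sample data for the example; not real accounts.
USERS = [("alice", "alice-secret"), ("bob", "bob-secret"), ("carol", "carol-secret")]


def build_db():
    """In-memory SQLite database holding the constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    conn.commit()
    return conn


def lookup_unsafe(conn, name):
    """Vulnerable: user input is spliced into the SQL text, so a quote in
    the input changes the structure of the statement."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, name):
    """Parameterized: the value is bound separately from the SQL text and is
    compared literally, quotes and all."""
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def write_credentials(path, username, password):
    """Write DB credentials to their own file, readable only by the owner."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        json.dump({"username": username, "password": password}, f)
    os.chmod(path, 0o600)  # in case the file already existed with wider permissions


def load_credentials(path):
    """Load credentials, refusing a file that group or other can access."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} is accessible by group/other (mode {oct(mode)})")
    with open(path) as f:
        return json.load(f)


def demo():
    """Run both checks; returns (unsafe_rows, safe_rows, username, rejected)."""
    conn = build_db()
    injection = "x' OR '1'='1"          # classic tautology payload
    unsafe = lookup_unsafe(conn, injection)   # every user comes back
    safe = lookup_safe(conn, injection)       # no user is literally named that
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "db.cred")     # hypothetical file name
        write_credentials(path, "appuser", "example-password")
        creds = load_credentials(path)
        os.chmod(path, 0o644)                 # simulate a sloppy deployment
        try:
            load_credentials(path)
            rejected = False
        except PermissionError:
            rejected = True
    return len(unsafe), len(safe), creds["username"], rejected


if __name__ == "__main__":
    print(demo())
```

With the payload above, lookup_unsafe runs `... WHERE name = 'x' OR '1'='1'`
and returns all three rows, while lookup_safe returns none; the permission
check accepts the 0600 file and rejects the same file once it is chmod 0644.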