Desktop App with SQL Server security issues

Çağlar Arlı

I'm in a discussion with the Information Security team about a legacy desktop application that accesses a SQL Server database directly using LINQ to SQL.

The Information Security team insists that there are many security vulnerabilities in a desktop application and a SQL Server with an open port for network communication.

As a developer with 10+ years of experience, I can only list these risks:

  1. Unsigned application: the company's authority can't be certified, allowing an attacker to create a copy of the app with malicious code.
  2. Unobfuscated code: the attacker can decompile the app, change its code and inject malicious code.
  3. Open port: can be exploited with a stolen SQL Server user + password, leading to a data leak.

But I know how we can mitigate all these issues instead of spending the enormous effort to migrate the whole desktop app (8+ years old) to an (intranet) web app.

Do you guys have further arguments against this client server architecture?