17. Data Access Code with LINQ
    Query syntax is native application code
    Data objects are first-class citizens
    No dynamic SQL, therefore no injection

    using System;
    using System.Linq;

    class DataAccess
    {
        static void GetNewOrders(DateTime date, int qty)
        {
            using (NorthWindDB nw = new NorthWindDB())
            {
                // 'date' is bound as a parameter by the LINQ provider,
                // never concatenated into SQL text.
                var orders = from o in nw.Orders
                             where o.OrderDate > date
                             select new
                             {
                                 o.OrderID,
                                 o.OrderDate,
                                 Total = o.OrderLines.Sum(l => l.Quantity)
                             };

                // The projection is an anonymous type, so iterate with 'var'.
                foreach (var o in orders)
                {
                    Console.WriteLine("{0:d}{1}{2}", o.OrderDate, o.OrderID, o.Total);
                }
            }
        }
    }
22. EKM Key Hierarchy in SQL 2008
    [Diagram. Labels: Native; Symmetric key; TDE DEK key; EKM Symmetric key; EKM Asymmetric key; SQL Server; Symmetric key; Asymmetric key; Data]
24. TDE – Key Hierarchy
    DPAPI encrypts Service Master Key
    Service Master Key encrypts Database Master Key
    Database Master Key encrypts Certificate in Master Database
    Certificate encrypts Database Encryption Key
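The hierarchy on this slide, built top to bottom in T-SQL as an added example (not from the original deck). The database name SalesDemo, the certificate name TdeDemoCert, the backup paths and the passwords are placeholder assumptions.

```sql
USE master;
GO
-- Database Master Key of master. SQL Server also protects it with the
-- Service Master Key, which is itself protected by DPAPI.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong-password-placeholder>';
GO
-- Certificate in master; its private key is encrypted by the Database Master Key.
CREATE CERTIFICATE TdeDemoCert WITH SUBJECT = 'TDE certificate (example)';
GO
-- Without this backup, an encrypted database cannot be restored or attached
-- on another server. Store the files away from the database backups.
BACKUP CERTIFICATE TdeDemoCert
    TO FILE = 'C:\Backup\TdeDemoCert.cer'                 -- placeholder path
    WITH PRIVATE KEY (
        FILE = 'C:\Backup\TdeDemoCert.pvk',               -- placeholder path
        ENCRYPTION BY PASSWORD = '<backup-password-placeholder>');
GO
USE SalesDemo;                                            -- placeholder database
GO
-- Database Encryption Key, encrypted by the certificate in master.
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TdeDemoCert;
GO
ALTER DATABASE SalesDemo SET ENCRYPTION ON;
GO
-- Check each link: the DEK, its state (3 = encrypted) and the protecting certificate.
SELECT DB_NAME(dek.database_id) AS database_name,
       dek.encryption_state,
       dek.key_algorithm,
       dek.key_length,
       c.name AS protecting_certificate
FROM sys.dm_database_encryption_keys AS dek
LEFT JOIN master.sys.certificates AS c
       ON c.thumbprint = dek.encryptor_thumbprint;

-- 1 means the Database Master Key of master is protected by the Service Master Key.
SELECT name, is_master_key_encrypted_by_server
FROM sys.databases
WHERE name = 'master';
```

A NULL protecting_certificate in the first query means the key is not protected by a certificate in master.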
25. TDE – Key Hierarchy with EKM
    Asymmetric Key resides on the EKM device
    Asymmetric Key encrypts Database Encryption Key
29. Audit Specifications
    0..1 Server audit specification per Audit object
    0..1 DB audit specification per database per Audit object

    -- Server level: record failed logins in the PCI_Audit audit
    CREATE SERVER AUDIT SPECIFICATION SvrAC
        FOR SERVER AUDIT PCI_Audit
        ADD (FAILED_LOGIN_GROUP);

    -- Database level: record SELECTs on Customers by any member of public
    CREATE DATABASE AUDIT SPECIFICATION AuditAC
        FOR SERVER AUDIT PCI_Audit
        ADD (SELECT ON Customers BY public);

    [Diagram. Labels: Audit; Security Event Log; Application Event Log; File (file system); Server Audit Specification with Server Audit Actions; Database Audit Specification with Database Audit Actions; Database Audit Components]