Database Security

Databases typically have their own security. An important aspect of a secure Web application is designing a way for the application to access the database securely. Follow these guidelines:

Use the inherent security of your database to limit who can access database resources. The exact strategy depends on your database and your application:

If practical in your application, use integrated security so that only Windows-authenticated users can access the database. Integrated security is more secure than passing explicit credentials to the database.

If your application involves anonymous access, create a single user with very limited permissions, and perform queries by connecting as this user.
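
The anonymous-access guideline above, as an added example that is not part of the original page: a T-SQL script that creates one low-privilege account for all anonymous requests and checks what that account can actually do. It assumes Microsoft SQL Server; the database, table, and account names (ShopDemo, dbo.Products, dbo.Orders, web_anon) and the password placeholder are constructed for illustration.

```sql
-- Added example. All object names are constructed; run as an administrator
-- against a scratch SQL Server instance, not a production server.
CREATE DATABASE ShopDemo;
GO
USE ShopDemo;
GO

-- Constructed sample schema: one table the public pages read,
-- and one table the anonymous account must never reach.
CREATE TABLE dbo.Products (
    ProductId int           NOT NULL PRIMARY KEY,
    Name      nvarchar(100) NOT NULL,
    Price     money         NOT NULL
);
CREATE TABLE dbo.Orders (
    OrderId       int           NOT NULL PRIMARY KEY,
    CustomerEmail nvarchar(256) NOT NULL
);
GO

-- The single account used for every anonymous request.
-- The password below is a placeholder: replace it with a generated secret.
CREATE LOGIN web_anon WITH PASSWORD = N'<Replace-With-Generated-Secret-1>';
CREATE USER  web_anon FOR LOGIN web_anon WITH DEFAULT_SCHEMA = dbo;
GO

-- Grant only what the anonymous pages need. No role membership and no
-- schema-wide or database-wide grant, so dbo.Orders stays out of reach.
GRANT SELECT ON OBJECT::dbo.Products TO web_anon;
GO

-- Check the result from the account's own point of view.
-- HAS_PERMS_BY_NAME returns 1 when the current user holds the permission,
-- 0 when it does not. The design intends read access to dbo.Products only.
EXECUTE AS USER = 'web_anon';
SELECT
    HAS_PERMS_BY_NAME('dbo.Products', 'OBJECT', 'SELECT') AS can_read_products,
    HAS_PERMS_BY_NAME('dbo.Products', 'OBJECT', 'UPDATE') AS can_update_products,
    HAS_PERMS_BY_NAME('dbo.Orders',   'OBJECT', 'SELECT') AS can_read_orders;
-- List every effective permission the account holds at database level.
SELECT permission_name FROM fn_my_permissions(NULL, 'DATABASE');
REVERT;
GO
```

Rerunning the permission check after each schema or role change shows whether the anonymous account has picked up access it was not meant to have.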