My team is considering using an up-to-date version of Entity Framework with a WinForm or WPF application which will be downloaded by users and installed on their machines.
This will connect through WCF to our database, and the app will use LINQ queries through EF to interact with the database.
Is this secure? Can the application be reverse engineered, and a competitor see our database structure and business rules?
Is this architecture acceptable? Or if the risk is high, should the structure be abstracted behind an interface?
I imagine it depends a bit on how your WCF service is going to work. Webservice or Windows Service? Encryption? If you are not encrypting and you are serializing your returned objects in XML, it is possible someone could snoop that XML stream, and get an understanding of the structure of the entity (Pretty sure mapping information or Storage Layer information is not included in the serialized entity).
As far as Entity Framework goes, assuming an attacker cannot get to the edmx or the resulting EDM constituent files, and they can't get access to the database directly, you should be good. Entity Framework EDMs compile pretty similarly to other assemblies. So long as you secure the transport from service to client, you should be good.
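An added example, not part of the original answer: a WCF `system.serviceModel` fragment contrasting an unencrypted binding with one that secures the transport from service to client, as the answer recommends. The service, contract, binding and behavior names are hypothetical, and the secured endpoint assumes the host already has an HTTPS base address with a server certificate.

```xml
<!-- Constructed example: Example.OrderService, Example.IOrderService,
     PlainText, OverTls and Hardened are hypothetical names. -->
<system.serviceModel>
  <bindings>
    <basicHttpBinding>
      <!-- Weak: no transport or message protection. Serialized entities
           cross the network as readable XML, so anyone on the path can
           learn the shape of the returned objects. -->
      <binding name="PlainText">
        <security mode="None" />
      </binding>

      <!-- Corrected: the channel is protected by HTTPS (TLS). -->
      <binding name="OverTls">
        <security mode="Transport">
          <transport clientCredentialType="None" />
        </security>
      </binding>
    </basicHttpBinding>
  </bindings>

  <services>
    <service name="Example.OrderService" behaviorConfiguration="Hardened">
      <!-- Only the TLS-protected binding is exposed as an endpoint. -->
      <endpoint address=""
                binding="basicHttpBinding"
                bindingConfiguration="OverTls"
                contract="Example.IOrderService" />
    </service>
  </services>

  <behaviors>
    <serviceBehaviors>
      <behavior name="Hardened">
        <!-- Addition beyond what the answer mentions: keep server-side
             exception text (which can include table and column names)
             out of the faults returned to clients. -->
        <serviceDebug includeExceptionDetailInFaults="false" />
      </behavior>
    </serviceBehaviors>
  </behaviors>
</system.serviceModel>
```

Transport security protects the stream against third parties on the network only; the installed client still receives the decrypted objects.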