Developing applications on .NET gives you a sense of security since it supports various built-in functions for SQL-based databases. I have been using SQL Server as the database for my project, but it has limitations such as limited horizontal scalability, while NoSQL offers you horizontal scalability. Therefore, I am using GridDB, which is known for its high performance and scalability.
However, I am afraid of the security risks of NoSQL databases. In my project, I used the Dependency Injection service offered by .NET to prevent SQL injection attacks, as shown in the .NET Core documentation.
I implemented it in my code as follows:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using Microsoft.Extensions.DependencyInjection;
using EmployeeManagementDAL.Interface;
using EmployeeManagementDAL;

namespace EmployeeManagementBL
{
    public static class Injection
    {
        // Extension method called from Startup/Program to register the data-access layer.
        public static void DependencyInjection(this IServiceCollection service)
        {
            // A new EmployeeRepo is created each time an EmployeeRepoInterface is requested.
            service.AddTransient<EmployeeRepoInterface, EmployeeRepo>();
        }
    }
}
Following is an instance of the addEmployee(Employee emp) function, which adds employees to the SQL database using the .NET parameters.Add() method:
// Requires: using System.Data; using System.Data.SqlClient; using Dapper;
// connectionString is a field of the enclosing repository class.
public void addEmployee(Employee emp)
{
    // Every user-supplied value is bound as a typed parameter, so the SQL text
    // never contains the values themselves and they cannot alter the statement.
    DynamicParameters parameters = new DynamicParameters();
    parameters.Add("@Name", emp.Name, DbType.String);
    parameters.Add("@Designation", emp.Designation, DbType.String);
    parameters.Add("@Department", emp.Department, DbType.String);
    string output_query = "INSERT INTO [dbo].[Employee] (Name, Designation, Department) VALUES (@Name, @Designation, @Department);";
    using (IDbConnection connection = new SqlConnection(connectionString))
    {
        connection.Open();
        // Execute (rather than Query) for a statement that returns no rows.
        connection.Execute(output_query, parameters);
        // Disposal at the end of the using block closes the connection.
    }
}
However, I was not able to find the usage of parameterized queries of .NET with GridDB. I made the same function addEmployee(Employee emp) as follows:
public void AddEmployee(Employee emp)
{
    // Connect to the cluster and open the container that holds employees.
    using (GSGrid store = new GSGrid("myCluster"))
    {
        using (GSTimeSeries<Employee> employeeContainer = store.GetTimeSeries<Employee>("EmployeeContainer"))
        {
            // Copy the incoming fields into a typed row object.
            Employee newEmployee = new Employee
            {
                Name = emp.Name,
                Designation = emp.Designation,
                Department = emp.Department
            };
            // Put writes the row as structured data; no query text is built from the input here.
            employeeContainer.Put(newEmployee);
        }
    }
}
Thus, I need to know if GridDB offers some built-in features to help safeguard the data from injection attacks and mitigate the risk of injection vulnerabilities.
Thank you in advance for helping me out.
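The following is an added illustration, not code from the original post or from GridDB. It shows where the injection risk in the question actually lives: the Put call above writes a typed row and builds no query text, whereas a query string assembled from user input (a TQL-shaped SELECT * WHERE form is assumed here, handed to the client as a single string with no parameter binding) can be rewritten by that input. The allow-list check is the usual fallback when a driver gives no way to bind parameters; the Employee Name field comes from the post, everything else is constructed for the example.

```csharp
using System;
using System.Text.RegularExpressions;

// Constructed demonstration (not GridDB's or the poster's code): hand-built
// query text versus an allow-list check applied before the text is assembled.
public static class TqlInjectionDemo
{
    // Allow only letters, digits, space, dot, underscore and hyphen, 1-64 chars.
    // Quotes, semicolons, parentheses and operators are rejected outright.
    private static readonly Regex SafeLiteral =
        new Regex(@"^[A-Za-z0-9 ._-]{1,64}$", RegexOptions.Compiled);

    public static bool IsSafeLiteral(string value) =>
        value != null && SafeLiteral.IsMatch(value);

    // UNSAFE: the caller's text is spliced straight into the query string.
    public static string BuildQueryUnsafe(string name) =>
        "SELECT * WHERE Name = '" + name + "'";

    // Hardened: refuse anything outside the allow-list before it reaches the query.
    // Prefer real parameter binding whenever the client offers it; this is the
    // fallback for APIs that accept only a finished query string.
    public static string BuildQueryChecked(string name)
    {
        if (!IsSafeLiteral(name))
            throw new ArgumentException("Name contains characters that are not allowed.", nameof(name));
        return "SELECT * WHERE Name = '" + name + "'";
    }

    public static void Main()
    {
        string benign = "Alice Smith";
        // Constructed hostile input: closes the string literal and appends a
        // condition that is true for every other row.
        string hostile = "x' OR Name <> 'x";

        Console.WriteLine(BuildQueryUnsafe(benign));
        Console.WriteLine(BuildQueryUnsafe(hostile));   // literal boundary broken

        Console.WriteLine(BuildQueryChecked(benign));
        try
        {
            BuildQueryChecked(hostile);
        }
        catch (ArgumentException ex)
        {
            Console.WriteLine("Rejected: " + ex.Message);
        }
    }
}
```

The check is an allow-list on the value, not a blocklist of quote characters, because the quoting and escaping rules of a query language are exactly what an attacker studies; restricting the input to a known-safe character class sidesteps that. For writes, keeping the structured Put with a typed row, as in the GridDB snippet, leaves no query text for the input to reach.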