Security of Azure SQL Database

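This article describes how to configure security for Azure SQL Database, including firewall settings, support for SQL Server authentication only, SSL communication validation, and connection string encryption. It explains step by step how to ensure secure communication with Azure SQL and provides practical code for certificate management and for encryption and decryption.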


1.     SQL Database firewall

a.      Allowed IPs

b.     Allow from all Azure services

2.     Only SQL Server authentication is supported, not Windows Authentication

3.     Validate certificates in SSL communication

a.      All communication with Azure SQL is over SSL, but the client must validate the server certificate to avoid man-in-the-middle attacks

b.     Achieved by:

 i.     To validate certificates with ADO.NET application code, set Encrypt=True and TrustServerCertificate=False in the database connection string.

 ii.     To validate certificates via SQL Server Management Studio, open the Connect to Server dialog box. Click Encrypt connection on the Connection Properties tab.

4.     Encrypt the connection string in the configuration file

a.      Automatic configuration in ASP.NET by using Pkcs12CertProtectedConfigurationProvider.dll (the only automatic choice in Azure)

b.     Using PKCS classes:

Generate keys:

VSTool> makecert -r -pe -n "CN=AlbertkoCert4" -sky exchange "AlbertkoCert4.cer" -sv "AlbertkoCert4.pvk"

VSTool> pvk2pfx -pvk AlbertkoCert4.pvk -spc AlbertkoCert4.cer -pfx AlbertkoCer4.pfx -po passxxrd

(A password must be given explicitly when running pvk2pfx.)

Install the public key on the client to encrypt (via mmc -> File -> snap-ins -> Certificates -> Local Computer, installing into StoreName.My, StoreLocation.LocalMachine; by the way, use certmgr.msc to manage certificates in StoreLocation.User) and install the pfx in Azure to decrypt.

All in one: http://social.technet.microsoft.com/wiki/contents/articles/2951.windows-azure-sql-database-connection-security.aspx

http://msdn.microsoft.com/en-us/library/ff394108.aspx

Securing your Azure SQL:

http://blogs.msdn.com/b/sqlazure/archive/2010/09/07/10058942.aspx

http://blogs.msdn.com/b/sqlazure/archive/2010/09/08/10059359.aspx

http://blogs.msdn.com/b/sqlazure/archive/2010/09/09/10059889.aspx

http://blogs.msdn.com/b/sqlazure/archive/2010/09/10/10060395.aspx

PKCS: http://en.wikipedia.org/wiki/PKCS

Basic knowledge of X.509 certificates: http://www.cnblogs.com/chnking/archive/2007/09/02/879218.html

System.Security.Cryptography.Pkcs:

http://technet.microsoft.com/zh-cn/ie/ms180945

http://technet.microsoft.com/zh-cn/ie/ms180951

http://technet.microsoft.com/zh-cn/ie/ms180950

 

 

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;

namespace SecurityToolLib
{
    public static class SecurityTool
    {
        // Loads a certificate by thumbprint from the given store.
        // Throws InvalidOperationException if no matching certificate is found.
        public static X509Certificate2 LoadCertificate(StoreName storeName, StoreLocation storeLocation, string thumbPrint)
        {
            var certStore = new X509Store(storeName, storeLocation);
            try
            {
                certStore.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
                // validOnly is false so that a self-signed certificate created with makecert is still found.
                var certificateCollection = certStore.Certificates.Find(X509FindType.FindByThumbprint, thumbPrint, false);
                if (certificateCollection.Count == 0)
                {
                    throw new InvalidOperationException(string.Format("Certificate with thumbprint {0} cannot be loaded.", thumbPrint));
                }
                return certificateCollection[0];
            }
            finally
            {
                certStore.Close();
            }
        }

        // Loads a certificate from StoreName.My in StoreLocation.LocalMachine.
        public static X509Certificate2 LoadCertificate(string thumbPrint)
        {
            return LoadCertificate(StoreName.My, StoreLocation.LocalMachine, thumbPrint);
        }

        // Encrypts clearText to the certificate's public key as a CMS/PKCS #7 enveloped message
        // and returns it Base64-encoded.
        public static string EncryptWithCertificate(string clearText, X509Certificate2 certificate)
        {
            //ValidationHelper.CheckArgumentNull(clearText,"clearText");
            //ValidationHelper.CheckArgumentNull(certificate,"certificate");

            byte[] clearBytes = Encoding.UTF8.GetBytes(clearText);
            var contentInfo = new ContentInfo(clearBytes);
            var envelopedCms = new EnvelopedCms(contentInfo);
            var recipient = new CmsRecipient(certificate);
            envelopedCms.Encrypt(recipient);
            byte[] encryptedBytes = envelopedCms.Encode();
            return Convert.ToBase64String(encryptedBytes);
        }

        public static string EncryptWithCertificate(string clearText, string thumbPrint)
        {
            return EncryptWithCertificate(clearText, LoadCertificate(thumbPrint));
        }

        // Decrypts a Base64-encoded enveloped message; the certificate must carry the private key (pfx).
        public static string DecryptWithCertificate(string base64EncryptedString, X509Certificate2 certificate)
        {
            //ValidationHelper.CheckArgumentNull(base64EncryptedString,"base64EncryptedString");
            //ValidationHelper.CheckArgumentNull(certificate,"certificate");

            byte[] encryptedBytes = Convert.FromBase64String(base64EncryptedString);
            var envelopedCms = new EnvelopedCms();
            envelopedCms.Decode(encryptedBytes);
            envelopedCms.Decrypt(new X509Certificate2Collection(certificate));
            byte[] clearBytes = envelopedCms.ContentInfo.Content;
            return Encoding.UTF8.GetString(clearBytes);
        }

        public static string DecryptWithCertificate(string base64EncryptedString, string thumbPrint)
        {
            return DecryptWithCertificate(base64EncryptedString, LoadCertificate(thumbPrint));
        }
    }
}
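A connection string recovered by DecryptWithCertificate can be checked against items 2 and 3.b.i before it is used to open a connection. The following is an added example, not code from the original post; the class and method names (ConnectionStringPolicy, Violations) and the sample server, database and user names are hypothetical, and it assumes the System.Data.SqlClient provider.

```csharp
using System;
using System.Collections.Generic;
using System.Data.SqlClient;

// Added example: ConnectionStringPolicy and Violations are hypothetical names.
public static class ConnectionStringPolicy
{
    // Returns the policy violations found; an empty list means the string is acceptable.
    public static IList<string> Violations(string connectionString)
    {
        var problems = new List<string>();
        SqlConnectionStringBuilder builder;
        try
        {
            builder = new SqlConnectionStringBuilder(connectionString);
        }
        catch (Exception ex)
        {
            // Unknown keywords or malformed values: reject rather than guess.
            problems.Add("unparseable connection string: " + ex.GetType().Name);
            return problems;
        }

        // Item 3.b.i: the channel must be encrypted AND the server certificate validated.
        // Encrypt defaults to false in System.Data.SqlClient, so omitting it is also flagged.
        if (!builder.Encrypt)
            problems.Add("Encrypt must be True");
        if (builder.TrustServerCertificate)
            problems.Add("TrustServerCertificate must be False");

        // Item 2: only SQL Server credentials are supported, not Windows Authentication.
        if (builder.IntegratedSecurity)
            problems.Add("Integrated Security is not supported; use SQL Server credentials");

        return problems;
    }

    public static void Main()
    {
        // Constructed sample strings; all names and the password are placeholders.
        const string prefix = "Server=tcp:example.database.windows.net,1433;Database=db1;";
        var samples = new[]
        {
            prefix + "User ID=app@example;Password=placeholder;Encrypt=True;TrustServerCertificate=False;",
            prefix + "User ID=app@example;Password=placeholder;Encrypt=True;TrustServerCertificate=True;",
            prefix + "Integrated Security=True;"
        };
        foreach (var sample in samples)
        {
            var found = Violations(sample);
            // The connection string itself is never printed, since it contains the password.
            Console.WriteLine(found.Count == 0 ? "OK" : "REJECT: " + string.Join("; ", found));
        }
    }
}
```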

 

 

 

 
