Security Considerations in Windows Forms

This document describes how to avoid possible security risks when you deploy a WinForms application that contains the DashboardDesigner or DashboardViewer control.

Data Connection Security

The DashboardDesigner and DashboardViewer can use different data source types to supply dashboards with data. Users can create data sources based on predefined data connections in the UI, or you can add predefined data sources in code. You should specify connection parameters to get data from certain data sources. For example, DashboardSqlDataSource and DashboardOlapDataSource can require a user name and password. To avoid data leaks, use one of the following techniques to pass connection parameters safely:

Data Source Security

SQL Data Source

Validate Custom SQL Queries

The Data Source Wizard allows users to construct SQL queries only in the built-in Query Builder. Queries constructed in the Query Builder are guaranteed to be safe because they can contain only a SELECT statement.

By default, users cannot edit SQL queries in the Query Builder. Refer to the following article for information on how to enable users to edit SQL queries in the UI: Custom SQL Queries.

Custom SQL queries are validated before they are executed. Make sure that the SQL validation you apply prevents the execution of harmful requests: SQL validation.

We recommend that you utilize the access control functionality of your database management system to achieve the highest level of database security.

Do Not Serialize Sensitive Info

You can set the DataConnectionBase.StoreConnectionNameOnly property to true to serialize only database connection names. This guarantees that the database credentials are never exposed in dashboard definitions.

The initial value of the DataConnectionBase.StoreConnectionNameOnly property is false. When this property is disabled, the behavior depends on the SqlWizardSettings.DatabaseCredentialsSavingBehavior and IConnectionStorageService.CanSaveConnection property values.

Entity Framework Data Source - Restrict Access to Unauthorized Assemblies

By default, custom assemblies referenced by Entity Framework data sources (DashboardEFDataSource) cannot be loaded.

To permit a user to load a specific assembly, handle the DashboardDesigner.CustomAssemblyLoading / DashboardViewer.CustomAssemblyLoading events. An unauthorized attempt to load a custom assembly results in a CustomAssemblyLoadingProhibitedException.

Excel, Extract, and JSON Data Sources - Restrict Access to External Data Resources

The Dashboard Control gets data from resources stored on the disk or on the Internet. We recommend that you specify access settings for data resources (Excel, Extract, and JSON data sources).

By default, data sources can read files from any directory. To protect your application, use the AccessSettings class to explicitly specify where data sources can be read from: configure rules in the DataResources property to restrict file system access to specified folders. Call the SetRules(IAccessRule[]) method when your application starts, so that your rules are specified before a dashboard control sets its rules. The SetRules(IAccessRule[]) method can be called only once, at application startup; otherwise, it raises an exception. Alternatively, you can use the TrySetRules(IAccessRule[]) method, which does not raise an exception.
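The startup configuration described above, as an added example that is not taken from the DevExpress documentation or samples. The folder path and the DashboardForm class are hypothetical, and DirectoryAccessRule and UrlAccessRule are rule types from the DevExpress.Security.Resources namespace that this page does not name.

```csharp
using System;
using System.IO;
using System.Windows.Forms;
using DevExpress.Security.Resources;

// Hypothetical form that hosts the DashboardViewer or DashboardDesigner control.
sealed class DashboardForm : Form { }

static class Program
{
    // Hypothetical folder: the only location Excel, Extract and JSON
    // data sources are allowed to read from.
    const string DashboardDataFolder = @"C:\ProgramData\ExampleApp\DashboardData";

    [STAThread]
    static void Main()
    {
        // Resolve to an absolute path so the rule does not depend on the
        // working directory the process happens to be started from.
        string dataFolder = Path.GetFullPath(DashboardDataFolder);

        // Set the rules before any dashboard control is created.
        // Files: only the data folder. URLs: none.
        bool applied = AccessSettings.DataResources.TrySetRules(
            DirectoryAccessRule.Allow(dataFolder),
            UrlAccessRule.Deny());

        if (!applied)
        {
            // Rules were already set by other code. Fail closed rather than
            // run with access settings this application did not choose.
            MessageBox.Show(
                "Data resource access rules could not be applied. The application will exit.",
                "Startup error", MessageBoxButtons.OK, MessageBoxIcon.Error);
            return;
        }

        Application.EnableVisualStyles();
        Application.SetCompatibleTextRenderingDefault(false);
        Application.Run(new DashboardForm());
    }
}
```

Using SetRules in place of TrySetRules turns a second configuration attempt into an exception, which suits applications that prefer to crash at startup over checking a return value.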

Object Data Source - Validate Data

If a user opens a dashboard that contains a DashboardObjectDataSource, the following message appears before a data load operation:

[Image: WinDashboard_SecurityConsiderations_Warning]

This dialog allows users to select whether to trust the object data sources available in the application. You can use the DataSourceOptionsContainer.ObjectDataSourceLoadingBehavior property to change this default logic. For instance, you can allow the application to load any object data sources, or you can load object data sources in safe mode when their data member and data source settings are cleared.

To obtain the DataSourceOptionsContainer object that exposes DataSourceOptionsContainer.ObjectDataSourceLoadingBehavior, use one of the following properties:

You can also handle the ObjectDataSource.BeforeFill event to execute custom validation for the specified data source. The corresponding static ObjectDataSource.BeforeFillGlobal event allows you to validate all object data sources in your application.

Clipboard Access Policy

The DevExpress.Data.Utils.ClipboardAccessPolicy allows you to control clipboard-related operations in the Dashboard Designer and Viewer controls.

Refer to the following help topic for more information: Clipboard Access Policy.