Before you start writing code, there are a number of important issues to consider at design time. The key considerations are:
Use Windows authentication.
Use least privileged accounts.
Use stored procedures.
Protect sensitive data in storage.
Use separate data access assemblies.
Ideally, your design should use Windows authentication for the added security benefits. With Windows authentication, you do not have to store database connection strings with embedded credentials, credentials are not passed over the network, and you benefit from secure account and password management policies. You do, however, need to consider carefully which account you will use to connect to SQL Server using Windows authentication. ...
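The following added example (not code from the original page) shows one way to check connection strings for the embedded credentials that Windows authentication makes unnecessary. It assumes the System.Data.SqlClient provider; the server, database and account names in the samples are constructed placeholders.

```csharp
// Added example: flag SQL Server connection strings that embed credentials
// instead of relying on Windows authentication.
using System;
using System.Collections.Generic;
using System.Data.SqlClient;

static class ConnectionStringAudit
{
    // Returns one finding per problem; an empty list means the string uses
    // Windows authentication and carries no embedded credentials.
    public static List<string> Audit(string connectionString)
    {
        var findings = new List<string>();
        SqlConnectionStringBuilder b;
        try
        {
            // The builder normalizes synonyms (UID, PWD, Trusted_Connection).
            b = new SqlConnectionStringBuilder(connectionString);
        }
        catch (Exception ex) when (ex is ArgumentException || ex is FormatException)
        {
            findings.Add("unparseable connection string: " + ex.Message);
            return findings;
        }
        if (!b.IntegratedSecurity)
            findings.Add("SQL authentication in use; Integrated Security is not enabled");
        if (!string.IsNullOrEmpty(b.UserID))
            findings.Add("embedded user name");
        if (!string.IsNullOrEmpty(b.Password))
            findings.Add("embedded password");
        return findings;
    }

    static void Main()
    {
        // Constructed samples; every name and value here is a placeholder.
        var samples = new Dictionary<string, string>
        {
            ["weak"] = "Server=db01;Database=Orders;User ID=appuser;Password=EXAMPLE-ONLY",
            ["weak-synonyms"] = "Data Source=db01;Initial Catalog=Orders;UID=appuser;PWD=EXAMPLE-ONLY",
            ["windows-auth"] = "Server=db01;Database=Orders;Integrated Security=SSPI",
            ["leftover-creds"] = "Server=db01;Database=Orders;Trusted_Connection=yes;UID=appuser;PWD=EXAMPLE-ONLY",
        };
        foreach (var s in samples)
        {
            var findings = Audit(s.Value);
            Console.WriteLine("{0}: {1}", s.Key,
                findings.Count == 0 ? "OK" : string.Join("; ", findings));
        }
    }
}
```

Only the `windows-auth` sample passes cleanly; the `leftover-creds` sample is flagged because credentials left in the string remain readable in configuration even though the connection itself uses Windows authentication.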