Systematic performance, and Security evaluation of .NET models for accessing database

Abstract

In .NET, Object Relational Mapping (ORM) is a programming technique used for accessing the database, which has many frameworks, like Entity Framework, LINQ to SQL, NHibernate, Tele rick Open Access, Light Speed. The LINQ to SQL and Entity Framework usability has increased. This is because of the reason that in these two frameworks full CRUD (Create, Read, Update and Delete) operations can be implemented in short time as compared to Transact Queries, which require more time. In case of multiple projects on various models; Transact Query, LINQ to SQL, and Entity Framework, it becomes difficult to decide which model is the best in terms of performance and security. Therefore, in this article, we provide a comprehensive comparison between Entity Framework, LINQ to SQL and Transact Queries in terms of performance and security. For this purpose, we implemented eleven different types of queries on the selected three frameworks. Subsequently, we quantified and evaluated the execution time and memory usage of all the queries. Furthermore, all types of SQL injection attacks have been applied on three separate applications for security evaluation. Our results show that, the Transact Query is more vulnerable to SQL injection attacks as compared to LINQ to SQL and Entity Framework. Our results show that Transact Query outperforms in terms of memory and CPU usage.  Our results also help the practitioner in adopting a framework on the basis of query level performance in terms of memory and CPU usage.