SQL Server security
Hello guys,
We're changing the way we use secure connections between our .NET applications (VB and C#) and SQL Server.
Currently we're encrypting the connection strings in our code but we MUST decrypt it before "sending" it to SQL Server.
I've been told that SQL Server 2000 (the version we're currently using) has it's own encryption system.
Does anybody knows how to activate it, configure it and use it in .NET applications ?
Thank you all
[492 byte] By [
Michael] at [2007-11-11 6:47:43]
# 1 Re: SQL Server security
AFAIK, as of SQL Server 7.0 credentials are automatically encrypted when using the SQL Server client libraries. Of course the most secure method is to use Integrated Windows Security since no user ID and password information is actually passed across the network.
# 2 Re: SQL Server security
Thnx Paul
And is it possible to use it in connection strings form within projects ?, do you know where can I find information about how to use it in connection strings ?
Thank you
# 3 Re: SQL Server security
Encrypting user ID and password information in a connection string is different than what I am referring to. I'm not aware of any way to pass encrypted credentials from a connection string and have SQL Server decrypt it before attempting to log the user into the database.
# 4 Re: SQL Server security
You can use SSL to encrypt the communication between SQL Server and the client application. You would install an SSL certificate on the SQL Server and a root certificate on the client application machine. You would then configure the Client Network Utility on the client application machine and the Server Network Utility on the SQL Server to set it up.
