Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
Home
Discussion Groups
DB Engine
SQL ServerMSDESQL Server CE
Services
Analysis (Data Mining)Analysis (OLAP)DTSIntegration ServicesNotification ServicesReporting Services
Programming
CLRConnectivitySQLXML
Other Technologies
ClusteringEnglish QueryFull-Text SearchReplicationService Broker
General
Data WarehousingPerformanceSecuritySetupSQL Server ToolsOther SQL Server Topics
DirectoryUser Groups
Related Topics
MS AccessOther DB ProductsMS Server Products.NET DevelopmentVB DevelopmentJava DevelopmentMore Topics ...
SQL Server Forum / General / Security / July 2006

Tip: Looking for answers? Try searching our database.

SQL Server Password In Transit

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
John Aspenleiter - 25 Jul 2006 22:37 GMT
I'm not using SSL.  I'm wondering if when using a SQL Server account, when I
send my login credentials to SQL Server, is the password in transit encrypted
automatically?  

I understand that using trusted connections is the best way, but not all of
our apps can change to use trusted connections.

Thanks!
Reply to this Message
Arnie Rowland - 25 Jul 2006 22:59 GMT
I believe that only the ODBC provider has an encryption option. I always
assume that SQL Server username/passwords are vulnerable by packet sniffing.

Signature

Arnie Rowland, Ph.D.
Westwood Consulting, Inc

Most good judgment comes from experience.
Most experience comes from bad judgment.
- Anonymous

> I'm not using SSL.  I'm wondering if when using a SQL Server account, when
> I
[quoted text clipped - 7 lines]
>
> Thanks!
Reply to this Message
A McGuire - 28 Jul 2006 14:54 GMT
http://support.microsoft.com/kb/316898/

You can enable the Force Protocol Encryption option on the server, or on
the client via the Client (or Server) Network Utility also.

>I believe that only the ODBC provider has an encryption option. I always
>assume that SQL Server username/passwords are vulnerable by packet
[quoted text clipped - 11 lines]
>>
>> Thanks!
Reply to this Message
Arnie Rowland - 28 Jul 2006 15:42 GMT
Of course, since the OP indicated that SSL is not being used, it makes that
approach a bit more difficult.

Signature

Arnie Rowland, Ph.D.
Westwood Consulting, Inc

Most good judgment comes from experience.
Most experience comes from bad judgment.
- Anonymous

> http://support.microsoft.com/kb/316898/
>
[quoted text clipped - 16 lines]
>>>
>>> Thanks!
Reply to this Message
A McGuire - 28 Jul 2006 16:02 GMT
I suppose I was thinking aloud - sorry.

> Of course, since the OP indicated that SSL is not being used, it makes
> that approach a bit more difficult.
[quoted text clipped - 19 lines]
>>>>
>>>> Thanks!
Reply to this Message
Arnie Rowland - 28 Jul 2006 16:22 GMT
Not a problem, just wanted to clarify the issue to solve so we didn't
confuse others reading the thread.

Signature

Arnie Rowland, Ph.D.
Westwood Consulting, Inc

Most good judgment comes from experience.
Most experience comes from bad judgment.
- Anonymous

>I suppose I was thinking aloud - sorry.
>
[quoted text clipped - 21 lines]
>>>>>
>>>>> Thanks!
Reply to this Message
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2009 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.