Security: ADO.Net and SQL Server

  • Thread starter Thread starter ThomasLl
  • Start date Start date
T

ThomasLl

I have a client machine with a VB.net app and a SQL Server
database out on a leased server on the net.

Does this connection string get encrypted when connecting?

"Server=ntsql.somewhere.net;uid=username;pwd=pwd;database=M
yDB"

If not, what do I do to make this connection string not be
open for text viewing when sent over the net?

Thanks,
ThomasLL
..
 
I don't know if it will be encrypted bu why don't u use
SSPI trusted connection instead??
 
Not really, the connection information is passed over the wire to the server
unencrypted so it can be seen in a network packet. Yes SSPI is more secure.

--
____________________________________
William (Bill) Vaughn
Author, Mentor, Consultant
MVP, hRD
www.betav.com
Please reply only to the newsgroup so that others can benefit.
This posting is provided "AS IS" with no warranties, and confers no rights.
__________________________________
 
So, how do you security the connection string using
ADO.Net and SQL Server? How is SSPI used with .Net
connections?

Thanks,
Thomas LeBlanc
 
When your code uses "Integrated Security=SSPI", the .NET Data Provider
passes your windows authentication credentials to SQL Server who, in turn
revalidated them and verifies that the domain name is registered as either a
valid Login for the selected default database, or a member of an NT domain
group that's been granted rights to the specified database. This way no
visible login credentials are passed over the wire.

hth

--
____________________________________
William (Bill) Vaughn
Author, Mentor, Consultant
MVP, hRD
www.betav.com
Please reply only to the newsgroup so that others can benefit.
This posting is provided "AS IS" with no warranties, and confers no rights.
__________________________________
 
We are not using Integrated Security, we will be use SQL
Server security.

The database server does not belong to the customer. It is
leased. We only have a SQL Server login and password, no
Domain name and password.

Thanks,
ThomasLL
 
Ah, you said in your reply:
"So, how do you security the connection string using
Do you still have a question?

--
____________________________________
William (Bill) Vaughn
Author, Mentor, Consultant
MVP, hRD
www.betav.com
Please reply only to the newsgroup so that others can benefit.
This posting is provided "AS IS" with no warranties, and confers no rights.
__________________________________
 
How do we secure the connection string if connecting from
SDO.Net to SQL Server if you have to use SQL Server
security?

We are not in the same Domain, thus we can not use
Integrated Security.

The SQL Server database server is leased from a third
party. 1 name and 1 password to SQL Server, no access to
their machine.

Thanks,
ThomasLL
 
Well, you can encrypt the connection string until it's needed, but a net
sniffer will be able to see the username and password pass over the wire.

--
____________________________________
William (Bill) Vaughn
Author, Mentor, Consultant
MVP, hRD
www.betav.com
Please reply only to the newsgroup so that others can benefit.
This posting is provided "AS IS" with no warranties, and confers no rights.
__________________________________
 
Back
Top