Re: ADO.NET security in Windows App?

From: Rob R. Ainscough (robains_at_pacbell.net)
Date: 06/29/05

Next message: JCreasy: "Running a section of code with admin privileges"
Previous message: Dominick Baier [DevelopMentor]: "Re: ADO.NET security in Windows App?"
In reply to: Dominick Baier [DevelopMentor]: "Re: ADO.NET security in Windows App?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 28 Jun 2005 17:42:15 -0700

Dominick,

Thanks for the info you've been a great help -- sometimes I feel the entire
internet needs a serious overhaul -- getting secure work done takes WAY too
much effort and recurring costs.

Internet development seems so slow and hokie (at best) and put together with
chewing gum that could break if someone just sneezes. I'm seriously
rethinking my strategy and going with a simple .NET Windows app that people
can download and install from a basic web page. Managed .NET apps have very
small signatures and since Longhorn will have .NET framework built in...

Something has gotta change, cause security model and rendering of pages
every time is for the birds -- it really is like stepping 20-30 years back
in time. There must be a better way.

Rob.

"Dominick Baier [DevelopMentor]" <dbaier@pleasepleasenospamdevelop.com>
wrote in message news:526693632555969145254319@news.microsoft.com...
> Hello Rob,
>
>
> this depends on how you address the web server - the cert has the DNS name
> embedded -exactly the name that clients use to connect to the server - if
> that is the same name for www and sql - you could use the same one.
>
> ---------------------------------------
> Dominick Baier - DevelopMentor
> http://www.leastprivilege.com
>
>> Found the article on how to enable SSL on SQL Server -- not clear on
>> the certificate? Does the certificate need to be different than what
>> is used on the web server (IIS)? In my case the SQL Server and Web
>> Server are located on the same server box. So I would need to
>> purchase 2 certificates?
>>
>> "Dominick Baier [DevelopMentor]"
>> <dbaier@pleasepleasenospamdevelop.com> wrote in message
>> news:526574632555904470267683@news.microsoft.com...
>>
>>> Hello Rob,
>>>
>>> that's a SQL server configuration. Consult SQL Server Books Online
>>> (BOL). You have to install a certificate for sql server in the cert
>>> store of the service account.
>>>
>>> If you can't find any useful information on how to do this - get back
>>> to me.
>>>
>>> ---------------------------------------
>>> Dominick Baier - DevelopMentor
>>> http://www.leastprivilege.com
>>>> So do I specify in my connection string "Integrated Security=SSL" ?
>>>>
>>>> As usual, my MSDN search provides a bunch of information not
>>>> relevant to my search criteria -- MSDN is becoming more more useless
>>>> -- I get better search hit using Google -- frustrating.
>>>>
>>>> "Dominick Baier [DevelopMentor]"
>>>> <dbaier@pleasepleasenospamdevelop.com> wrote in message
>>>> news:523796632555552049163721@news.microsoft.com...
>>>>
>>>>> Hello Rob,
>>>>>
>>>>> SQL communication is clear text. This includes the initial password
>>>>> in the connection string as well as all data you send between
>>>>> client/server.
>>>>>
>>>>> You have two options if you want to secure the data
>>>>>
>>>>> - IPSec tunnel between the two parties
>>>>> - Enable SSL in SQL Server
>>>>> ---------------------------------------
>>>>> Dominick Baier - DevelopMentor
>>>>> http://www.leastprivilege.com
>>>>>> I've coded a VB.NET windows service that uses ADO.NET to
>>>>>> communicate
>>>>>> with both a MS Access database and an MS SQL Server 2000 database.
>>>>>> I'm using SQL Authentication to validate access, but I'm not sure
>>>>>> what
>>>>>> options I have (if any) to secure the data
>>>>>> transmission/communicate
>>>>>> between my Windows Service and the SQL Server.
>>>>>> I know with my web apps I can uses SSL, but what about standard
>>>>>> .NET
>>>>>> Windows apps -- do I have anyway to secure the data transmission
>>>>>> to/from the SQL Server?
>>>>>> Thanks,
>>>>>>
>
>
>

Next message: JCreasy: "Running a section of code with admin privileges"
Previous message: Dominick Baier [DevelopMentor]: "Re: ADO.NET security in Windows App?"
In reply to: Dominick Baier [DevelopMentor]: "Re: ADO.NET security in Windows App?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

RE: General Certificate Question
... On the "Web Server Certificate" page, choose "Create a new Web server ... If you do not run SBS, please repost your issue in Windows server newsgroup ...
(microsoft.public.windows.server.sbs)
Re: IIS 5.0 Certificate
... Your Web server do not send out private key. ... Review this kb on how to use Cert Server with IIS ... Using Certificate Server 2.0 to Generate a Server Certificate for Use with ...
(microsoft.public.inetserver.iis.security)
Re: Issuing Web Browser digital certificates
... > My company would like to have an offline Windows Server 2003 standalone ... Users would either be sent a certificate to install or a tech ... I am really not sure how to initiate a request at our offline ... access to the Web server. ...
(microsoft.public.security)
IIS 6 Directory Services Mapping ACL Problems
... We are trying to configure certificate based logins using the ... When I authenticate on our web server with my certificate I my domain ... account username shows up in the web log. ... The files are stored on another server in the domain. ...
(microsoft.public.inetserver.iis.security)
Re: Secure automation?
... To provide secured web services, a server SSL certificate is ... The downside with this is that the web server will ask ... To be able to verify a server certificate, a web browser needs to ...
(comp.security.unix)