Re: SQL Server Authentication hacking
From: jimmers (jimmers@yandex.ru)
Date: 09/24/02
- Next message: jimmers: "Re: connection problem."
- Previous message: Arvid Mestdagh: "connection problem."
- In reply to: dave: "SQL Server Authentication hacking"
- Next in thread: Richard Waymire [MS]: "Re: SQL Server Authentication hacking"
- Reply: Richard Waymire [MS]: "Re: SQL Server Authentication hacking"
- Reply: Steve Hendricks: "Re: SQL Server Authentication hacking"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "jimmers" <jimmers@yandex.ru> Date: Tue, 24 Sep 2002 15:02:35 +0400
Maybe You mean "vulnerable"? If so, SQL Server Authentication
is vulnerable to sniffers that can decrypt password. Other information
(like User ID, Initial Catalog etc) is sent over wire unencrypted.
Cheers
jimmers
"dave" <david_whitehouse@embanet.com> wrote in message
news:73c101c263b8$01ba3cf0$3bef2ecf@TKMSFTNGXA10...
> I currently connect to SQL 7 and 2K servers using SQL
> server authentication. This means that in the connection
> string from the VB client application the username and
> password is passed across the network (connection string
> is shown below and uses ADO 2.7)
>
> I am trying to find out if this method is venerable to
> hackers who could potentially get this information and
> then log in themselves. Is this the case or is the
> information encrypted?
>
>
> db.Open "Provider=SQLOLEDB.1;Password=xyz;Persist Security
> Info=False;User ID=abc;Initial Catalog=DBname;Data
> Source=servername"
>
- Next message: jimmers: "Re: connection problem."
- Previous message: Arvid Mestdagh: "connection problem."
- In reply to: dave: "SQL Server Authentication hacking"
- Next in thread: Richard Waymire [MS]: "Re: SQL Server Authentication hacking"
- Reply: Richard Waymire [MS]: "Re: SQL Server Authentication hacking"
- Reply: Steve Hendricks: "Re: SQL Server Authentication hacking"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
