Re: SQL Server Authentication hacking

From: Richard Waymire [MS] (rwaymi_ms@microsoft.com)
Date: 09/24/02 

From: "Richard Waymire [MS]" <rwaymi_ms@microsoft.com>
Date: Tue, 24 Sep 2002 09:12:55 -0700

Which is why it's a good idea to use either IPSec or SSL encryption for your
connections :-) 

--
Richard Waymire, MCSE, MCDBA
This posting is provided "AS IS" with no warranties, and confers no rights.
"jimmers" <jimmers@yandex.ru> wrote in message
news:#jY9#m7YCHA.2532@tkmsftngp12...
> Maybe You mean "vulnerable"? If so, SQL Server Authentication
> is vulnerable to sniffers that can decrypt password. Other information
> (like User ID, Initial Catalog etc) is sent over wire unencrypted.
>
> Cheers
> jimmers
>
>
> "dave" <david_whitehouse@embanet.com> wrote in message
> news:73c101c263b8$01ba3cf0$3bef2ecf@TKMSFTNGXA10...
> > I currently connect to SQL 7 and 2K servers using SQL
> > server authentication. This means that in the connection
> > string from the VB client application the username and
> > password is passed across the network (connection string
> > is shown below and uses ADO 2.7)
> >
> > I am trying to find out if this method is venerable to
> > hackers who could potentially get this information and
> > then log in themselves. Is this the case or is the
> > information encrypted?
> >
> >
> > db.Open "Provider=SQLOLEDB.1;Password=xyz;Persist Security
> > Info=False;User ID=abc;Initial Catalog=DBname;Data
> > Source=servername"
> >
>
>

Relevant Pages

  • Re: [SOLVED] Cannot display provider-specific login prompt
    ... scenario where the program wouldn't have to know about the database, ... ConnectionStringBuilder up to a PropertyGrid for the end user to populate), ... details of the connection, for the sake of the program being able to connect ... information about the connection string that I will need. ...
    (microsoft.public.dotnet.framework.adonet)
  • Re: Complicated Connection Problems bewteen ADP and SQL Server
    ... front end on the 5-8 workstations where the users happen to sit. ... expertise for getting the user workstations talking to the SQL Server. ... connection would fail and the adp wouldn't be able to talk to the server. ... thought that I should instead change my connection string to something ...
    (microsoft.public.access.adp.sqlserver)
  • Re: Fujitsu NetCobol 8.0
    ... You cannot use a connection string in the way you have shown and expect it ... Any Fujitsu NetCobol / PowerCobol users here? ... Use the ADO control provided in PowerCOBOL, ...
    (comp.lang.cobol)
  • Re: Changing Connection String programmatically
    ... This is a good situation for putting the connection string information in the app.config file. ... every year we will create new database. ... change the body of the private void InitConnection(), ...
    (microsoft.public.sqlserver.connect)
  • Re: ASP.net and Oracle error System.Data.OleDb.OleDbException
    ... Also see http://www.connectionstrings.com/ and try other providers ... > Here is some of my connection code: ... >> And are you sure your connection string is ok. ... >>> Oracle error occurred, but error message could not be retrieved from ...
    (microsoft.public.dotnet.framework.aspnet)