Re: Encrypt connection channel

From: Jasper Smith (jasper_smith9_at_hotmail.com)
Date: 07/23/03 

Date: Wed, 23 Jul 2003 18:44:18 +0100

See my reply in microsoft.public.sqlserver.security 

-- 
HTH
Jasper Smith (SQL Server MVP)
I support PASS - the definitive, global
community for SQL Server professionals -
http://www.sqlpass.org
"Tushar Karsan" <Tushar.KARSAN@Nottingham.Sema.slb.com> wrote in message
news:%23GBRl7FUDHA.2008@TK2MSFTNGP11.phx.gbl...
(Been reading other messages on this subject but could not find an answer,
that is why I'm posting this. Please note, although I have posted to several
groups, I've set follow-to microsoft.public.sqlserver.security in case I
posted to where I shouldn't have, sorry if I have).
Using
 + ASP.Net
 + SQL Server 2000
 + Windows 2K Adv. Server.
It is possible to encryp data that is exchanged between ASP.Net server in
DMZ and SQL Server in secured zone? By that I mean securing all that data
that passes though the firewall on port 1433 between ASP.Net and SQL Server.
I guess there are two aspects to this question:
1 Encrypt the connection string that is used to make a connection, ie pass
and ancrypted connection string from ASP.Net to SQL Server to make a
connection. Does ADO.Net and SQL Server support this feature?
2 Encryption of sensitive sensitive query data that is exchanged between
ASP.Net and SQL Server. By this I mean storing the data in cleartext, then
have it ecrypted while it is in transition from the DB server to ASP.Net
then have in decrypted back into cleartext in ASP.Net application. Is that
possible?
I suppse if either of the above is not possible then I will have to store
the sensitive data into the DB encrypted and have it decrypted after
reading. The problem with this method is that session keys cannot be used:
the key used for encryption / decryption needs to be fixed for all time.
Please help.

Relevant Pages

  • Re: SQL or Access DB
    ... As far as encryption goes though... ... with Sql Server you can use SQL DMO and encrypt your stored procedures ... installation - Security was absolutely critical and in most instances, ... > then we create a nice gui around this database and sell it to automotive ...
    (microsoft.public.dotnet.languages.vb)
  • Re: Connecting to Sql Server using an IP address
    ... using IP address without port number (default port number ... of SQL Server is 1433) cannot connect to the SQL Server on a remote ... name in the connection string can connect the remote machine successfully. ... Microsoft Online Community Support ...
    (microsoft.public.dotnet.framework.adonet)
  • Re: Help Encrypting Connection String
    ... I have simply 'overridden' the LocalSqlServer connection string to point to my SQL Server DB. ... to encrypt the section and places it into web.config - the config file then refers to the reg key. ... I don't like to hardcode anything, in general, but I'd rather do that with an encryption key than the underlying data itself. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Protecting database structure
    ... can use the new encryption support that comes out of the box in SQL server ... SQL server will only see encrypted data. ... you could do what SAP and other ERP vendors do: obfuscate the schema ... Microsoft Online Partner Support ...
    (microsoft.public.sqlserver.security)
  • RE: SQL server does not allow remote connections error
    ... Server 2005 however another web application could connect to the SQL Server ... use the alias in your connection string to connect to your SQL Server. ... Microsoft Online Community Support ... where an initial response from the community or a Microsoft Support ...
    (microsoft.public.sqlserver.connect)