Re: Encrypt connection channel

From: Alek Davis (alek_DOT_davis_AT_intel_DOT_com)
Date: 07/23/03 

Date: Wed, 23 Jul 2003 11:04:09 -0700

Tushar,

I assume that you are talking only about encryption during transmission, so
this question is not about how to store sensitive data in a database. If
this is the case, you can simply use SSL. Check the article "How To: Use SSL
to Secure Communication with SQL Server 2000" at
http://msdn.microsoft.com/architecture/application/default.aspx?pull=/library/en-us/dnnetsec/html/SecNetHT19.asp
(or http://tinyurl.com/htj1). To protect SQL credentials, I think you can
set the "Persist Security Info" property to false.

Alek

"Tushar Karsan" <Tushar.KARSAN@Nottingham.Sema.slb.com> wrote in message
news:uRNTcrFUDHA.2196@TK2MSFTNGP12.phx.gbl...
> (Been reading other messages on this subject but could not find an answer,
> that is why I'm posting this. Please note, although I have posted to
several
> groups, I've set follow-to microsoft.public.sqlserver.security in case I
> posted to where I shouldn't have, sorry if I have).
>
> Using
> + ASP.Net
> + SQL Server 2000
> + Windows 2K Adv. Server.
>
> It is possible to encryp data that is exchanged between ASP.Net server in
> DMZ and SQL Server in secured zone? By that I mean securing all that data
> that passes though the firewall on port 1433 between ASP.Net and SQL
Server.
> I guess there are two aspects to this question:
>
> 1 Encrypt the connection string that is used to make a connection, ie pass
> and ancrypted connection string from ASP.Net to SQL Server to make a
> connection. Does ADO.Net and SQL Server support this feature?
>
> 2 Encryption of sensitive sensitive query data that is exchanged between
> ASP.Net and SQL Server. By this I mean storing the data in cleartext, then
> have it ecrypted while it is in transition from the DB server to ASP.Net
> then have in decrypted back into cleartext in ASP.Net application. Is that
> possible?
>
> I suppse if either of the above is not possible then I will have to store
> the sensitive data into the DB encrypted and have it decrypted after
> reading. The problem with this method is that session keys cannot be used:
> the key used for encryption / decryption needs to be fixed for all time.
>
> Please help.
>
>

Relevant Pages

  • Re: Help Encrypting Connection String
    ... I have simply 'overridden' the LocalSqlServer connection string to point to my SQL Server DB. ... to encrypt the section and places it into web.config - the config file then refers to the reg key. ... I don't like to hardcode anything, in general, but I'd rather do that with an encryption key than the underlying data itself. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Connection to SQL Server CE Windows Service via C# - Error 250
    ... Encryption is not specified in the connection string. ... connect to it via the windows service under the Local Service account. ... I'm using SQL Server Compact Edition as a private data store. ...
    (microsoft.public.sqlserver.ce)
  • Re: Encryption of Connection String
    ... I don't think ANY encryption is applied to the string by default. ... > Do you know what level of encryption IS applied to the connection string? ... >> to the SQL Server via SQL authentication the password is only ...
    (microsoft.public.sqlserver.security)
  • Encrypt connection channel
    ... (Been reading other messages on this subject but could not find an answer, ... DMZ and SQL Server in secured zone? ... Encrypt the connection string that is used to make a connection, ... Encryption of sensitive sensitive query data that is exchanged between ...
    (microsoft.public.security)
  • Encrypt connection channel
    ... (Been reading other messages on this subject but could not find an answer, ... DMZ and SQL Server in secured zone? ... Encrypt the connection string that is used to make a connection, ... Encryption of sensitive sensitive query data that is exchanged between ...
    (microsoft.public.security)