Force Protocol Encryption

From: Sam (Sam_at_discussions.microsoft.com)
Date: 12/06/04


Date: Mon, 6 Dec 2004 07:35:02 -0800

I've an application that needs access to different SQL servers across the
Internet. To protect the data being transferred I turned on Force Protocol
Encryption with SQL Server Network Utility & all the docs that describe the
implementation. I tested the communications between my servers & determined
with Netmon that the data is encrypted.

These servers are also behind firewalls that restrict access to the database.

Now one of our developers tells me that he can connect to a SQL Server with
the Query utility & perform any query he wants.

Granted, this user has access to the servers through the firewalls, but why
can he see the results of a query on his end? I thought I would have needed
to export the certificate to his PC, etc., in order to allow him to see the
results of his query. I have determined that the information between his PC &
the server is encrypted, when he is using the Query utility.

At best I've only encrypted the data on the wire, but if anyone breaches the
firewall (by spoofing a valid IP address), they too can get any information
they desire from my database. Is this the way Force Protocol Encryption is
supposed to work? Have I missed something with my implementation of it?

Thanks,
Sam


