RE: Force Protocol Encryption

From: Kevin McDonnell [MSFT] (kevmc_at_online.microsoft.com)
Date: 12/06/04 

Date: Mon, 06 Dec 2004 20:16:33 GMT

Hi Sam,
  From your previous post:
Now one of our developers tells me that he can connect to a SQL Server with
the Query utility & perform any query he wants.

Granted, this user has access to the servers through the firewalls, but why
can he see the results of a query on his end? I thought I would have needed
to export the certificate to his PC, etc., in order to allow him to see the
results of his query. I have determined that the information between his PC
&
the server is encrypted, when he is using the Query utility.

- Response.
When you enable protocol encryption from the Serverside via Server Network
Utility, we are only encrypting the traffic.
Therefore if you do a network trace, the traffic on the wire is encrypted.
Users who have access to the server and the database, will be able
to query the data. It is decrypted for them on the fly.

If you want the client to mutually authenticate the server, you need to
enable the force protocol encryption from the client.

See this kb:
276553 HOW TO: Enable SSL Encryption for SQL Server 2000 with Certificate
Server
http://support.microsoft.com/?id=276553

Additionally,
                  when you enable Force Protocol Encryption from the server, it encrypts
the logins and
                  data. However, it does not require the client to trust the same root
authority. If
                  you prefer the client to trust the same root authority, you must use
Client Network Utility or the connection string option to force
                  protocol encryption on the client. This is by design.

Thanks,

Kevin McDonnell
Microsoft Corporation

This posting is provided AS IS with no warranties, and confers no rights.

Relevant Pages

  • Re: MailMerge hangs and crashes with Access on Server
    ... Since I am fairly new to working in this environment, I am not sure what you mean by an "Access group" with help to restructuring the query? ... "Peter Jamieson" wrote: ... All I know is that the performance of queries depends to a large extent on whether, for example, a join is performed on the client side, or on the server side, incurring no network traffic and potentially benefitting from caching on the server. ... There are no dialog boxes, and actually, I have now split the database, and have kept the Word templates and the Access frontend locally on my machine, and moved the backend to the server. ...
    (microsoft.public.word.mailmerge.fields)
  • Re: Performance Benchmarks?
    ... Are attribute relationships defined properly on the dimensions? ... If you run Profiler against the server, how long is spent in "Query ... I have created aggregations (Partitions tab in cube design). ...
    (microsoft.public.sqlserver.olap)
  • High CPU in client (Excel, OWC, Proclarity, etc.) accessing Analysis Services
    ... the OWC10 with 3 dimensions on the row axis, ... The largest size of any of these 4 dimensions < 360 members. ... Performance Guide to optimize the query, the cube, the server, etc. ...
    (microsoft.public.sqlserver.olap)
  • Re: Performance Benchmarks?
    ... adding memory on the server can help you; more data can be cached on the ... Here is my test query. ... )} DIMENSION PROPERTIES MEMBER_CAPTION, MEMBER_UNIQUE_NAME ON ROWS FROM ... I have created aggregations (Partitions tab in cube design). ...
    (microsoft.public.sqlserver.olap)
  • Re: MailMerge hangs and crashes with Access on Server
    ... restructuring a complex query. ... discards 99% of them), or on the server side, incurring no network ... the database is locked and Word will not open the data source. ... have kept the Word templates and the Access frontend locally on my machine, ...
    (microsoft.public.word.mailmerge.fields)