Re: Transmission of Username & Password?
- From: Erland Sommarskog <esquel@xxxxxxxxxxxxx>
- Date: Fri, 28 Sep 2007 22:19:02 +0000 (UTC)
MaxGruven (MaxGruven@xxxxxxxxxxxxxxxxxxxxxxxxx) writes:
Is the Username and Password specified in the Connection String of an
ASP.NET application transmitted to an SQL Server 2005 send as clear text
from the IIS Server?
No, but the default method only means obfustication, so there is no
security.
You can set up SSL for an encrypted connection. I also read
ms-help://MS.SQLCC.v9/MS.SQLSVR.v9.en/dataacc9/html/f4c63206-80bb-4d31-84ae-
ccfcd563effa.htm
in Books Online which discusses some methods, although in the context
of SQL Native Client.
It seems like using Integrated Security in the connection string might
work… but how can I be sure there is not username/password sent?
Yes, but I've people with ASP .Net experience advocate that ASP .Net
application should use SQL authentication.
--
Erland Sommarskog, SQL Server MVP, esquel@xxxxxxxxxxxxx
Books Online for SQL Server 2005 at
http://www.microsoft.com/technet/prodtechnol/sql/2005/downloads/books.mspx
Books Online for SQL Server 2000 at
http://www.microsoft.com/sql/prodinfo/previousversions/books.mspx
.
- Prev by Date: Re: Transmission of Username & Password?
- Next by Date: Re: Extracting logins from a master database
- Previous by thread: Re: Transmission of Username & Password?
- Index(es):
Relevant Pages
|
|
