Re: SQL Connection string passwords
- From: "Uri Dimant" <urid@xxxxxxxxxxx>
- Date: Mon, 25 May 2009 08:42:13 +0300
Brian
The Encrypt Database="True" pair is really not necessary as the presence
of the Password-parameter itself turns on encryption for the connection.
Yes , since SQL Server 2005 and onwards SQL Server has more power protection
of users/password for applications use SQL Authentication.
If you are still concered I would recommedn you using Windows Authentiaction
rather SQL ,what do you think?
"Brian Stoop" <b.stoop@xxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:%23UioocJ3JHA.5244@xxxxxxxxxxxxxxxxxxxxxxx
I am concered that connections from an application that include usernames
and passwords in their connection strings, could be compromised by
analysing the connection traffic, and have the password revealed.
However I came across this statement here
http://www.connectionstrings.com/sql-server-2005-ce
-----------------
Use this connection string to enable encryption on the database.
Data Source=MyData.sdf;Encrypt Database=True;Password=myPassword;File
Mode=shared read;Persist Security Info=False;
The Encrypt Database="True" pair is really not necessary as the presence
of the Password-parameter itself turns on encryption for the connection.
-------------------
Is this statement " the Password-parameter itself turns on encryption for
the connection" apply to any connection strings to MS SQL databases?.
thanks, Brian
.
- Follow-Ups:
- Re: SQL Connection string passwords
- From: Brian Stoop
- Re: SQL Connection string passwords
- References:
- SQL Connection string passwords
- From: Brian Stoop
- SQL Connection string passwords
- Prev by Date: SQL Connection string passwords
- Next by Date: Re: SQL Connection string passwords
- Previous by thread: SQL Connection string passwords
- Next by thread: Re: SQL Connection string passwords
- Index(es):
Relevant Pages
|
