Monday, March 18, 2013 12:06 AM
Thanks in Advance,
I need to find the relivant documenation that describes the nature of the connection between a client and server for a SQL connection when SQL authentication is used. I'm not asking how to protect the password at the client end, but what happens when connection occurs. Will the SqlConnection class containing the userID and password in the connection string send this over the network in plain text?
Monday, March 18, 2013 8:42 AMModerator
If a connection string is built in the application , it is sent to the SQL Server and so visible on the network ( if the Integrated Security is set to true, the user and password are not visible after the connection is established )
Please, could you tell us the version of your .Net Framework (3.5,4.0,4.5) and of your SQL Server ( 2005,2008,2008 R2,2012 + last installed service pack ) ?
I have found http://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlcredential.aspx but it only for .Net Framework 4.5
Interesting is : "SqlCredential is comprised of a user id and a password that will be used for SQL Server Authentication. The password in a SqlCredential object is of type SecureString"
For SQL Server 2008 and 2008 R2 , the SMO documentation was giving a property for ServerConnection using a secure string but it has never worked.
Another possibility is to use an encrypted connection with a certificate
but I have never used this authentification way , so I cannot give any advice about it.
Don't hesitate to post again for more help or explanation. There is always somebody looking at this forum.
Mark Post as helpful if it provides any help.Otherwise,leave it as it is.