connection security

  • Question

  • Hey guys,

    I created one login which is used in the connection string of my application.

    I want the password to be encrypted while passing through the connection string.

    I don't want our developer to know that password.

    How can I do that?

    Is there any way to do that from SQL?

    Please let me know.



    • Edited by Rakesh Talla Tuesday, March 19, 2013 11:25 AM missing word
    Tuesday, March 19, 2013 11:24 AM

Answers

  • Hi,

    You can use Windows authentication, in case your application has a tendency to work with Kerberos authentication.


    RM Thirunavukkarasu | | http://thiruna.blog.com/ |

    • Marked as answer by Fanny Liu Monday, March 25, 2013 10:39 AM
    Tuesday, March 19, 2013 11:27 AM
  • Connecting through the SQL Server Native Client always encrypts the password during transit. There might be exposure in the client application before the SQL Server Native Client receives the password. And I can't comment if you are not connecting through the SQL Server Native Client. I don't understand your environment, but I would expect the developer to be able to see where you put the password in your application (though of course I don't know anything about your app).

    I agree with Thirunavukkarasu that using Windows Authentication might solve your problem. And remember that any member of the local administrators group on the SQL Server computer can access SQL Server as an administrator.


    Rick Byham, Microsoft, SQL Server Books Online, Implies no warranty

    • Marked as answer by Fanny Liu Monday, March 25, 2013 10:40 AM
    Tuesday, March 19, 2013 3:55 PM
  • Hi,

    You just need to use the ConfigurationManager class in the .NET Framework and try to encrypt and save the ConnectionString section in the AppConfig file. That is the only way you can do it, or you create your own AppConfig class and serialize it as binary (if you use a platform other than .NET).

    SQL Server always encrypts the username and password in the SNI layer.

    Best Regards
    Hamid J. Fard
    • Marked as answer by Fanny Liu Monday, March 25, 2013 10:41 AM
    Wednesday, March 20, 2013 10:09 AM
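
The configuration-encryption approach from the answer above, as an added example that is not part of the original thread: a .NET Framework console program that encrypts the `connectionStrings` section of its own App.config and then reports, for each entry, whether it uses Windows authentication or a stored SQL login. It assumes the application has an App.config with a `connectionStrings` section; the class name `ConnectionStringProtector` is hypothetical.

```csharp
using System;
using System.Configuration;   // add a reference to System.Configuration.dll
using System.Data.SqlClient;

static class ConnectionStringProtector   // hypothetical name, not from the thread
{
    // DPAPI-backed provider that ships with the .NET Framework.
    const string Provider = "DataProtectionConfigurationProvider";

    static int Main()
    {
        // Opens <application>.exe.config next to the running executable.
        Configuration config =
            ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None);
        ConnectionStringsSection section = config.ConnectionStrings;

        if (section.SectionInformation.IsLocked)
        {
            Console.Error.WriteLine("connectionStrings is locked; cannot protect it.");
            return 1;
        }
        if (!section.SectionInformation.IsProtected)
        {
            // Replaces the plaintext XML with an <EncryptedData> element on disk.
            section.SectionInformation.ProtectSection(Provider);
            section.SectionInformation.ForceSave = true;
            config.Save(ConfigurationSaveMode.Modified);
            ConfigurationManager.RefreshSection("connectionStrings");
        }

        // Reads are unchanged: the section is decrypted transparently in memory.
        foreach (ConnectionStringSettings cs in ConfigurationManager.ConnectionStrings)
        {
            try
            {
                var b = new SqlConnectionStringBuilder(cs.ConnectionString);
                // Report the authentication mode without printing any secret.
                Console.WriteLine("{0}: {1}", cs.Name, b.IntegratedSecurity
                    ? "Windows authentication (no password stored)"
                    : "SQL login (password stored in the protected section)");
            }
            catch (ArgumentException)
            {
                Console.WriteLine("{0}: not a SQL Server connection string", cs.Name);
            }
        }
        return 0;
    }
}
```

The DPAPI provider's key is machine-specific by default, so run this on the machine that hosts the application. The section is protected at rest only: any code running as the application reads the decrypted value through `ConfigurationManager`.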
  • Regarding the login password in the connection string: if you are using webconfig for passing credentials to the application, then you can encrypt the password in the webconfig file.

    To do it from SQL Server, you can plan to use windows authentication that is more secure than SQL authentication.


    Regards,
    Rohit Garg
    This posting is provided with no warranties and confers no rights.

    • Marked as answer by Fanny Liu Monday, March 25, 2013 10:41 AM
    Thursday, March 21, 2013 7:30 PM
