locked
Traffic Between SSMS and remote server RRS feed

  • General discussion

  • Hello ,

    how does SQL Server managent Studion send the credntial to remote server ? in plain text format .. i am afrid that anyone can listen to trafic and get my credntial ?

    Thanks in advance

    Tuesday, December 25, 2012 10:53 AM

All replies

  • Your credentials are always passed in encrypted format by SQL Server.  However the data communications are in plain text by default.

    http://www.mssqltips.com/sqlservertip/2436/what-does-my-sql-server-data-look-like-over-the-wire?/

    Here is a link that shows how the credentials are sent when using different providers like ODBC, OLEDB etc

    Regards
    Satheesh

    Tuesday, December 25, 2012 12:07 PM
  • thnaks for your respnd,

    To encrypt a connection from SQL Server Management Studio

      • On the Object Explorer toolbar, click Connect, and then click Database Engine.

      • In the Connect to Server dialog box, complete the connection information, and then click Options.

      • On the Connection Properties tab, click Encrypt connection.

    Tuesday, December 25, 2012 12:37 PM
  • Login credentials are always encrytped irrespective of the encrypt connection setting in SSMS
    Tuesday, December 25, 2012 12:43 PM
  • This is for encrypting the resultsets coming from as well as any requests that are sent to SQL server 

    Regards
    Satheesh

    Tuesday, December 25, 2012 4:37 PM
  • Click this for details 
    http://msdn.microsoft.com/en-us/library/ms189067(v=SQL.100).aspx

    It states that

    Credentials (in the login packet) that are transmitted when a client application connects to SQL Server are always encrypted. SQL Server will use a certificate from a trusted certification authority if available. If a trusted certificate is not installed, SQL Server will generate a self-signed certificate when the instance is started, and use the self-signed certificate to encrypt the credentials. This self-signed certificate helps increase security but it does not provide protection against identity spoofing by the server. If the self-signed certificate is used, and the value of the ForceEncryptionoption is set to Yes, all data transmitted across a network between SQL Server and the client application will be encrypted using the self-signed certificate

    Regards
    satheesh

    Wednesday, December 26, 2012 6:41 AM