none
Does ADO.NET encrypt Data when passing to DB RRS feed

  • Question

  • We have a windows application on our intranet communicating with SQL Server 2005.  It is passing sensitive data back and forth via a DataAdapter Fill().  The connection string is below.  Does this encrypt the data?  If not, what is the best way to protect the data?

     

    ...

    connectionStrings>

    <add name="connStringName" connectionString="Data Source=serverName;Initial Catalog=dbName;Integrated Security=True"/>

    Friday, May 23, 2008 8:01 PM

Answers

  • No, it does not encrypt the data, but with Integrated Security it does not pass user ID and password in clear text. If you need to encrypt communication channel between SQL Server and application you would need to set Encrypt property in your connection string to true, like

     

    <add name="connStringName" connectionString="Data Source=serverName;Initial Catalog=dbName;Integrated Security=True; Encrypt=true"/>

     

    But encryption will work in this case ONLY if SSL certificate is installed on SQL Server side and SQL Server configured to use SSL.

     

    Here are more details about it

     

    http://msdn.microsoft.com/en-us/library/ms189067.aspx

     

    Friday, May 23, 2008 8:15 PM
    Moderator