Is SSL encryption application dependent?

  • Question

  • I'm trying to fix a problem that is not mine. We are putting in 3 servers for 2 customers. One of the customers will have a SQL server that will host a database for an application.

    Both customers will access the same DB via this application. Customer A has the server onsite and will access directly. Customer B is offsite and the data stream between the two needs to be encrypted.

    I am looking at SQL encryption because VPN would allow more network access than they want. I'm getting the runaround from the application company on encryption with SSL.

    Here is how I understand it works:

    SQL Server ---clear text-------  ODBC Driver ----clear text----------  Application

    Now if we turn on SQL encryption:

    SQL Server ---SSL Encrypted ----- ODBC Driver -----Clear text --------Application

    Is this correct? I don't care if the data is encrypted between the ODBC driver and the application; those reside on the same box. I need the connection encrypted.

    I am looking into site-to-site VPN with separate VLANs but this seems the easiest solution.

    What is the problem with just accessing the data directly via 1433 but encrypting it site to site? If SQL does the encryption to the ODBC connection, why does the application matter, or am I not understanding this properly?

    Thanks,

    Eric

    Friday, August 13, 2010 7:14 PM

Answers

  • I would put it this way:

    SQL Server ---SQL Server Native Client (ODBC portion) encrypts using SSL --- Encrypted TCP Packets cross the internet --- SQL Server Native Client (ODBC portion) decrypts using SSL---Clear text to Application


    Rick Byham, Microsoft, SQL Server Books Online, Implies no warranty
    • Marked as answer by Eric_Ptek Sunday, August 15, 2010 5:00 PM
    Friday, August 13, 2010 9:37 PM
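
One way to confirm from the server side that off-site sessions really are encrypted, whatever the application does (an added example, not part of the original thread; the on-site address prefix is a constructed placeholder to replace with Customer A's real subnet):

```sql
-- Added example: run on the SQL Server instance while clients are connected.
-- Assumption: on-site (Customer A) clients use addresses starting with the
-- prefix below. The value is a constructed placeholder, not from the thread.
DECLARE @onsite_prefix varchar(48);
SET @onsite_prefix = '192.168.10.';

SELECT
    c.session_id,
    s.login_name,
    s.host_name,
    s.program_name,        -- application name as reported by the client driver
    c.client_net_address,
    c.net_transport,       -- e.g. TCP, Shared memory, Named pipe
    c.encrypt_option,      -- 'TRUE' when the connection is SSL-encrypted
    CASE
        WHEN c.net_transport <> 'TCP' THEN 'non-TCP transport'
        WHEN c.client_net_address LIKE @onsite_prefix + '%' THEN 'on-site'
        ELSE 'off-site'
    END AS origin,
    CASE
        WHEN c.net_transport = 'TCP'
         AND c.client_net_address NOT LIKE @onsite_prefix + '%'
         AND c.encrypt_option = 'FALSE'
        THEN 'UNENCRYPTED OFF-SITE'   -- the case the question wants to rule out
        ELSE 'ok'
    END AS finding
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions   AS s
  ON s.session_id = c.session_id
WHERE s.is_user_process = 1           -- skip system sessions
ORDER BY c.encrypt_option,            -- 'FALSE' sorts first
         c.client_net_address;
```

Any row with `finding = 'UNENCRYPTED OFF-SITE'` is a session crossing the site boundary in clear text; the `program_name` column shows that the same application appears encrypted or not depending only on the driver and server settings.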

All replies

  • Thank you for the confirmation.
    Sunday, August 15, 2010 5:00 PM