How to protect my SQL Server queries

  • Thread starter Thread starter Dino Buljubasic
  • Start date Start date
D

Dino Buljubasic

Hi,

My application is extensivelly querying a remote server. Somebody
sniffing the traffic could eventually find out all important
information such as passwords (from users in datatables as sell as the
password and user name used in connectiong string to that server.

How can I protect my self from this?

Thank you
_dino_
 
If the remote server is part of the same domain, or a domain trust is setup
then just use windows authentication to protect your credentials.

If thats not the case, then you can encrypt the communications either over
SSL or IPSEC (see
http://www.microsoft.com/technet/prodtechnol/sql/2000/maintain/sp3sec03.mspx
for links to KB's for both)

I'd also recommend that you don't pass sql queries across the wire, and
instead use stored procures where possible. You should also consider
encrypting the data in your database. In sql 2000 you can either do that via
the code in your application, or via a SQL encyption library. There are a
number of commercial ones, but theres also an excellent free one @
http://www.sqlservercentral.com/columnists/mcoles/freeencryption.asp (note:
SQL 2005 has built-in support for encryption)

Cathal
 
Back
Top