| Groups | Blog | Home |
dotnet security : ADO.NET security in Windows App?
I've coded a VB.NET windows service that uses ADO.NET to communicate with
both a MS Access database and an MS SQL Server 2000 database. I'm using SQL Authentication to validate access, but I'm not sure what options I have (if any) to secure the data transmission/communicate between my Windows Service and the SQL Server. I know with my web apps I can uses SSL, but what about standard .NET Windows apps -- do I have anyway to secure the data transmission to/from the SQL Server? Thanks,
Hello Rob,
SQL communication is clear text. This includes the initial password in the connection string as well as all data you send between client/server. You have two options if you want to secure the data - IPSec tunnel between the two parties - Enable SSL in SQL Server --------------------------------------- Dominick Baier - DevelopMentor http://www.leastprivilege.com [quoted text, click to view] > I've coded a VB.NET windows service that uses ADO.NET to communicate > with both a MS Access database and an MS SQL Server 2000 database. > I'm using SQL Authentication to validate access, but I'm not sure what > options I have (if any) to secure the data transmission/communicate > between my Windows Service and the SQL Server. > > I know with my web apps I can uses SSL, but what about standard .NET > Windows apps -- do I have anyway to secure the data transmission > to/from the SQL Server? > > Thanks, >
So do I specify in my connection string "Integrated Security=SSL" ?
As usual, my MSDN search provides a bunch of information not relevant to my search criteria -- MSDN is becoming more more useless -- I get better search hit using Google -- frustrating. "Dominick Baier [DevelopMentor]" <dbaier@pleasepleasenospamdevelop.com> [quoted text, click to view] wrote in message news:523796632555552049163721@news.microsoft.com... > Hello Rob, > > SQL communication is clear text. This includes the initial password in the > connection string as well as all data you send between client/server. > > You have two options if you want to secure the data > > - IPSec tunnel between the two parties > - Enable SSL in SQL Server > > --------------------------------------- > Dominick Baier - DevelopMentor > http://www.leastprivilege.com > >> I've coded a VB.NET windows service that uses ADO.NET to communicate >> with both a MS Access database and an MS SQL Server 2000 database. >> I'm using SQL Authentication to validate access, but I'm not sure what >> options I have (if any) to secure the data transmission/communicate >> between my Windows Service and the SQL Server. >> >> I know with my web apps I can uses SSL, but what about standard .NET >> Windows apps -- do I have anyway to secure the data transmission >> to/from the SQL Server? >> >> Thanks, >> > > >
Hello Rob,
that's a SQL server configuration. Consult SQL Server Books Online (BOL). You have to install a certificate for sql server in the cert store of the service account. If you can't find any useful information on how to do this - get back to me. --------------------------------------- Dominick Baier - DevelopMentor http://www.leastprivilege.com [quoted text, click to view] > So do I specify in my connection string "Integrated Security=SSL" ? > > As usual, my MSDN search provides a bunch of information not relevant > to my search criteria -- MSDN is becoming more more useless -- I get > better search hit using Google -- frustrating. > > "Dominick Baier [DevelopMentor]" > <dbaier@pleasepleasenospamdevelop.com> wrote in message > news:523796632555552049163721@news.microsoft.com... > >> Hello Rob, >> >> SQL communication is clear text. This includes the initial password >> in the connection string as well as all data you send between >> client/server. >> >> You have two options if you want to secure the data >> >> - IPSec tunnel between the two parties >> - Enable SSL in SQL Server >> --------------------------------------- >> Dominick Baier - DevelopMentor >> http://www.leastprivilege.com >>> I've coded a VB.NET windows service that uses ADO.NET to communicate >>> with both a MS Access database and an MS SQL Server 2000 database. >>> I'm using SQL Authentication to validate access, but I'm not sure >>> what >>> options I have (if any) to secure the data transmission/communicate >>> between my Windows Service and the SQL Server. >>> I know with my web apps I can uses SSL, but what about standard .NET >>> Windows apps -- do I have anyway to secure the data transmission >>> to/from the SQL Server? >>> >>> Thanks, >>>
Found the article on how to enable SSL on SQL Server -- not clear on the
certificate? Does the certificate need to be different than what is used on the web server (IIS)? In my case the SQL Server and Web Server are located on the same server box. So I would need to purchase 2 certificates? "Dominick Baier [DevelopMentor]" <dbaier@pleasepleasenospamdevelop.com> [quoted text, click to view] wrote in message news:526574632555904470267683@news.microsoft.com... > Hello Rob, > > that's a SQL server configuration. Consult SQL Server Books Online (BOL). > You have to install a certificate for sql server in the cert store of the > service account. > > If you can't find any useful information on how to do this - get back to > me. > > --------------------------------------- > Dominick Baier - DevelopMentor > http://www.leastprivilege.com > >> So do I specify in my connection string "Integrated Security=SSL" ? >> >> As usual, my MSDN search provides a bunch of information not relevant >> to my search criteria -- MSDN is becoming more more useless -- I get >> better search hit using Google -- frustrating. >> >> "Dominick Baier [DevelopMentor]" >> <dbaier@pleasepleasenospamdevelop.com> wrote in message >> news:523796632555552049163721@news.microsoft.com... >> >>> Hello Rob, >>> >>> SQL communication is clear text. This includes the initial password >>> in the connection string as well as all data you send between >>> client/server. >>> >>> You have two options if you want to secure the data >>> >>> - IPSec tunnel between the two parties >>> - Enable SSL in SQL Server >>> --------------------------------------- >>> Dominick Baier - DevelopMentor >>> http://www.leastprivilege.com >>>> I've coded a VB.NET windows service that uses ADO.NET to communicate >>>> with both a MS Access database and an MS SQL Server 2000 database. >>>> I'm using SQL Authentication to validate access, but I'm not sure >>>> what >>>> options I have (if any) to secure the data transmission/communicate >>>> between my Windows Service and the SQL Server. >>>> I know with my web apps I can uses SSL, but what about standard .NET >>>> Windows apps -- do I have anyway to secure the data transmission >>>> to/from the SQL Server? >>>> >>>> Thanks, >>>> > > >
Hello Rob,
this depends on how you address the web server - the cert has the DNS name embedded -exactly the name that clients use to connect to the server - if that is the same name for www and sql - you could use the same one. --------------------------------------- Dominick Baier - DevelopMentor http://www.leastprivilege.com [quoted text, click to view] > Found the article on how to enable SSL on SQL Server -- not clear on > the certificate? Does the certificate need to be different than what > is used on the web server (IIS)? In my case the SQL Server and Web > Server are located on the same server box. So I would need to > purchase 2 certificates? > > "Dominick Baier [DevelopMentor]" > <dbaier@pleasepleasenospamdevelop.com> wrote in message > news:526574632555904470267683@news.microsoft.com... > >> Hello Rob, >> >> that's a SQL server configuration. Consult SQL Server Books Online >> (BOL). You have to install a certificate for sql server in the cert >> store of the service account. >> >> If you can't find any useful information on how to do this - get back >> to me. >> >> --------------------------------------- >> Dominick Baier - DevelopMentor >> http://www.leastprivilege.com >>> So do I specify in my connection string "Integrated Security=SSL" ? >>> >>> As usual, my MSDN search provides a bunch of information not >>> relevant to my search criteria -- MSDN is becoming more more useless >>> -- I get better search hit using Google -- frustrating. >>> >>> "Dominick Baier [DevelopMentor]" >>> <dbaier@pleasepleasenospamdevelop.com> wrote in message >>> news:523796632555552049163721@news.microsoft.com... >>> >>>> Hello Rob, >>>> >>>> SQL communication is clear text. This includes the initial password >>>> in the connection string as well as all data you send between >>>> client/server. >>>> >>>> You have two options if you want to secure the data >>>> >>>> - IPSec tunnel between the two parties >>>> - Enable SSL in SQL Server >>>> --------------------------------------- >>>> Dominick Baier - DevelopMentor >>>> http://www.leastprivilege.com >>>>> I've coded a VB.NET windows service that uses ADO.NET to >>>>> communicate >>>>> with both a MS Access database and an MS SQL Server 2000 database. >>>>> I'm using SQL Authentication to validate access, but I'm not sure >>>>> what >>>>> options I have (if any) to secure the data >>>>> transmission/communicate >>>>> between my Windows Service and the SQL Server. >>>>> I know with my web apps I can uses SSL, but what about standard >>>>> .NET >>>>> Windows apps -- do I have anyway to secure the data transmission >>>>> to/from the SQL Server? >>>>> Thanks, >>>>>
Dominick,
Thanks for the info you've been a great help -- sometimes I feel the entire internet needs a serious overhaul -- getting secure work done takes WAY too much effort and recurring costs. Internet development seems so slow and hokie (at best) and put together with chewing gum that could break if someone just sneezes. I'm seriously rethinking my strategy and going with a simple .NET Windows app that people can download and install from a basic web page. Managed .NET apps have very small signatures and since Longhorn will have .NET framework built in... Something has gotta change, cause security model and rendering of pages every time is for the birds -- it really is like stepping 20-30 years back in time. There must be a better way. Rob. "Dominick Baier [DevelopMentor]" <dbaier@pleasepleasenospamdevelop.com> [quoted text, click to view] wrote in message news:526693632555969145254319@news.microsoft.com... > Hello Rob, > > > this depends on how you address the web server - the cert has the DNS name > embedded -exactly the name that clients use to connect to the server - if > that is the same name for www and sql - you could use the same one. > > --------------------------------------- > Dominick Baier - DevelopMentor > http://www.leastprivilege.com > >> Found the article on how to enable SSL on SQL Server -- not clear on >> the certificate? Does the certificate need to be different than what >> is used on the web server (IIS)? In my case the SQL Server and Web >> Server are located on the same server box. So I would need to >> purchase 2 certificates? >> >> "Dominick Baier [DevelopMentor]" >> <dbaier@pleasepleasenospamdevelop.com> wrote in message >> news:526574632555904470267683@news.microsoft.com... >> >>> Hello Rob, >>> >>> that's a SQL server configuration. Consult SQL Server Books Online >>> (BOL). You have to install a certificate for sql server in the cert >>> store of the service account. >>> >>> If you can't find any useful information on how to do this - get back >>> to me. >>> >>> --------------------------------------- >>> Dominick Baier - DevelopMentor >>> http://www.leastprivilege.com >>>> So do I specify in my connection string "Integrated Security=SSL" ? >>>> >>>> As usual, my MSDN search provides a bunch of information not >>>> relevant to my search criteria -- MSDN is becoming more more useless >>>> -- I get better search hit using Google -- frustrating. >>>> >>>> "Dominick Baier [DevelopMentor]" >>>> <dbaier@pleasepleasenospamdevelop.com> wrote in message >>>> news:523796632555552049163721@news.microsoft.com... >>>> >>>>> Hello Rob, >>>>> >>>>> SQL communication is clear text. This includes the initial password >>>>> in the connection string as well as all data you send between >>>>> client/server. >>>>> >>>>> You have two options if you want to secure the data >>>>> >>>>> - IPSec tunnel between the two parties >>>>> - Enable SSL in SQL Server >>>>> --------------------------------------- >>>>> Dominick Baier - DevelopMentor >>>>> http://www.leastprivilege.com >>>>>> I've coded a VB.NET windows service that uses ADO.NET to >>>>>> communicate >>>>>> with both a MS Access database and an MS SQL Server 2000 database. >>>>>> I'm using SQL Authentication to validate access, but I'm not sure >>>>>> what >>>>>> options I have (if any) to secure the data >>>>>> transmission/communicate >>>>>> between my Windows Service and the SQL Server. >>>>>> I know with my web apps I can uses SSL, but what about standard >>>>>> .NET >>>>>> Windows apps -- do I have anyway to secure the data transmission >>>>>> to/from the SQL Server? >>>>>> Thanks, >>>>>> > > >
Don't see what you're looking for? Try a search.
|
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
| home · blog · groups | Questions? Comments? Contact the dn |