Post reply

Encryption

  • January 27, 2004 at 1:14 pm

    #84555

    I am developing a windows forms application and the client has requested that the client application pass encrypted data to the SQL Server database.  I know that this could be accomplished with webservices and run through SSL but I am looking for information on what is the format ADO.net transmits through TCIP connections and is there any way to set up something like SSL within SQL Server.  Leaving out IIS. 

    Sorry if my question is not clear but I have never had a client be concerned with the connection between a client and SQL Server before.  I guess I am wondering if there is anything they should be worried about.

  • January 27, 2004 at 1:55 pm

    #491823

    This is a good book:

    http://msdn.microsoft.com/library/en-us/dnnetsec/html/secnetlpMSDN.asp



    --Jonathan

  • January 27, 2004 at 5:06 pm

    #491840

    Are you sending encrypted data or looking to encrypt the data stream? SSL will encrypt the stream, but the data will be text in the server. If you encrypt on the client, then you don't need to owrry about the stream.

  • January 27, 2004 at 11:20 pm

    #491870

    What Steve says is true, but ... if the client only wants encryption on the wire, then having the data in plain text on the server will allow for useful indexing.  The SSL-style over-the-wire encryption with SQL Server is easy to set up, by the way, and we couldn't really notice any performance problems.  The bigger problem was getting everybody's MDAC up to date so that the clients would work with the encryption.

    Chris

    This is the 75th post in a planned series of, well ... more than 75.

  • January 28, 2004 at 7:02 am

    #491934

    Do you need to install IIS on the SQL Server book to set up SSL.  Any more information you have or articles describing the set would be appreciated.  On only need to encrypt the wire but everything I see in articles deals with ASP.NET and SSL

  • January 28, 2004 at 7:43 am

    #491953

    No (at least I don't think so), but it might be the easiest way, since IIS is right there on the box waiting to be installed and it has that nifty Certificates wizard.  What we did was to install IIS, install the server certificates, and then uninstall IIS right afterwards.

    Chris

Viewing 6 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic. Login to reply