Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
AskSQLTeam
Ask SQLTeam Question
0 Posts |
 Posted - 2004-11-10 : 08:15:04
|
| ashley writes "Our office has been discussing mixed mode authentication and there is resistance to moving to windows authentication only. Getting domain user logins for applications is very difficult and time consuming.In our discussions about using mixed mode, the question was raised about the security of passing the connect string to the server. Is there any encryption of the connect string when the information is passed from the client to the server?Is there any security issue related to making the connection with SQL server using mixed mode? This question is just about sending the connection information, not the broader question of the insecurity of using mixed mode itself." |
|
|
robvolk
Most Valuable Yak
15732 Posts |
Posted - 2004-11-10 : 08:25:19
|
| I don't know if ADO.Net does anything special, but you can encrypt all network traffic to a SQL Server by running the Server Network Utility (in Start:Programs:Microsoft SQL Server) Choose the protocol(s) you're using and check the Force Encryption box.By the way, you don't have to create separate domain logins for each application. You can create Windows groups for each app, then add the individual users to those groups. In SQL Server, add the Windows group as a login and grant the permissions required for that group. Anyone in that group can then log in to SQL Server under Windows authentication, using their normal Windows name. |
 |
|
|
Kristen
Test
22859 Posts |
|
|
|
|
|
Is the connect string in ADO and ADO.net encrypted to SQL Server