T
Tushar Karsan
(Been reading other messages on this subject but could not find an answer,
that is why I'm posting this. Please note, although I have posted to several
groups, I've set follow-to microsoft.public.sqlserver.security in case I
posted to where I shouldn't have, sorry if I have).
Using
+ ASP.Net
+ SQL Server 2000
+ Windows 2K Adv. Server.
It is possible to encryp data that is exchanged between ASP.Net server in
DMZ and SQL Server in secured zone? By that I mean securing all that data
that passes though the firewall on port 1433 between ASP.Net and SQL Server.
I guess there are two aspects to this question:
1 Encrypt the connection string that is used to make a connection, ie pass
and ancrypted connection string from ASP.Net to SQL Server to make a
connection. Does ADO.Net and SQL Server support this feature?
2 Encryption of sensitive sensitive query data that is exchanged between
ASP.Net and SQL Server. By this I mean storing the data in cleartext, then
have it ecrypted while it is in transition from the DB server to ASP.Net
then have in decrypted back into cleartext in ASP.Net application. Is that
possible?
I suppse if either of the above is not possible then I will have to store
the sensitive data into the DB encrypted and have it decrypted after
reading. The problem with this method is that session keys cannot be used:
the key used for encryption / decryption needs to be fixed for all time.
Please help.
that is why I'm posting this. Please note, although I have posted to several
groups, I've set follow-to microsoft.public.sqlserver.security in case I
posted to where I shouldn't have, sorry if I have).
Using
+ ASP.Net
+ SQL Server 2000
+ Windows 2K Adv. Server.
It is possible to encryp data that is exchanged between ASP.Net server in
DMZ and SQL Server in secured zone? By that I mean securing all that data
that passes though the firewall on port 1433 between ASP.Net and SQL Server.
I guess there are two aspects to this question:
1 Encrypt the connection string that is used to make a connection, ie pass
and ancrypted connection string from ASP.Net to SQL Server to make a
connection. Does ADO.Net and SQL Server support this feature?
2 Encryption of sensitive sensitive query data that is exchanged between
ASP.Net and SQL Server. By this I mean storing the data in cleartext, then
have it ecrypted while it is in transition from the DB server to ASP.Net
then have in decrypted back into cleartext in ASP.Net application. Is that
possible?
I suppse if either of the above is not possible then I will have to store
the sensitive data into the DB encrypted and have it decrypted after
reading. The problem with this method is that session keys cannot be used:
the key used for encryption / decryption needs to be fixed for all time.
Please help.