M
MaxGruven
Is the Username and Password specified in the Connection String of an ASP.NET
application transmitted to an SQL Server 2005 sent as clear text from the IIS
Server?
The reason I ask is our IT department has mandated that all
username/passwords be encrypted when sent from one server to another within
our corporate intranet in case someone is running a sniffer.
If so, what strategy might be employed in order to meet this requirement??
It seems like using Integrated Security in the connection string might work…
but how can I be sure the username/password is not sent and if so, in the
clear?
An Encrypted Connection (Encrypted=True) seems expensive and requires a
server certificate be installed on the SQL Server.
TIA,
G
Cross Posted:
microsoft.public.sqlserver.security
application transmitted to an SQL Server 2005 sent as clear text from the IIS
Server?
The reason I ask is our IT department has mandated that all
username/passwords be encrypted when sent from one server to another within
our corporate intranet in case someone is running a sniffer.
If so, what strategy might be employed in order to meet this requirement??
It seems like using Integrated Security in the connection string might work…
but how can I be sure the username/password is not sent and if so, in the
clear?
An Encrypted Connection (Encrypted=True) seems expensive and requires a
server certificate be installed on the SQL Server.
TIA,
G
Cross Posted:
microsoft.public.sqlserver.security