Reputation: 653
Is my username and password sent plaintext when connecting to my remote sql
Is our username and password that is sent over the network to connect to a 2008 sql db plaintext?
For instance
SqlConnection conn = new SqlConnection(connectionString);
Is the password and username sent plain text to the server for the initial handshake?
Upvotes: 3
Views: 1068
Answers (1)
Reputation: 4647
This TechNet article claims that the credentials for SQL 2008 are always encrypted:
http://technet.microsoft.com/en-us/library/ms189067(v=sql.100).aspx
Credentials (in the login packet) that are transmitted when a client application connects to SQL Server are always encrypted.
There are optional items you can add to your connection string that will also enable encryption for other types of SQL Server communication that may be worth investigating if point-to-point security is a concern for your application.
http://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlconnection.connectionstring.aspx
Upvotes: 1
Related Questions
- Are SQL Server connections encrypted?
- SqlConnection works with "Integrated Security =True" but I cannot connect with my login details
- Encrypted sql connection info in webconfig
- Password problems with SqlConnection
- SqlConnection not setting password when getting the ConnectionString
- sql connection from asp.net
- Does SQL Server Express 2012 remote connection sends data in plaintext or encrypted?
- Issue Passing Credentials from ASP.NET To SQL Server
- ASP.Net SessionState using SQL Server - is the data encrypted?
- how sqlConnection hides the password of the connection string