Reputation: 67
How secure is Azure SQL connection?
I am working on WPF app that connects to Azure SQL using EF 6 and defined connection string ( no Web Service to save money on Azure running SQL and Web server ).
So my question is how secure is such connection?
I have in connection string Encrypt=True ( so I am using SSL ). I am using AD user credentials to connect to DB itself ( combination of AD user and corresponding contained DB user, unfortunately username and password are in config files of app ). I have registered app in Azure AD and gave it permission to access DB using this contained DB user matching AD user. ( I am using this app client id to identify that communication comes from my WPF app ).
The only threat I can see here is if someone gain access to computer with app installed and retrieves from config files all those information needed to establish connection and authenticate it.
But I am really weak in networking stuff and I have no idea if someone can obtain those information from snuffing network traffic. ( tried to use wireshark myself but it all looked pretty gibberish to me )
So has anyone any idea how such communication can be corrupted in any way?
Upvotes: 4
Views: 1678
Answers (1)
Reputation: 4481
SQL Server and SQL Azure support encryption for database connections (encryption in motion). Please be aware that SSL is the older term for this - the current best capability supported to talk to the SQL engine (in either context) is TLS 1.2. Note that you need to have the right (up to date) versions of client drivers to be able to get this security when talking to SQL Azure. SQL Azure enforces encryption by default when using these drivers. You can read the current state of this in this post: https://support.microsoft.com/en-us/help/3135244/tls-1-2-support-for-microsoft-sql-server
With respect to your broader question, there are lots of things you need to consider when writing an application (2 tier or 3 tier). You should be looking at the firewall on Azure SQL DB to lock down whatever path you enable. You should use the SQL permission model to limit what each user/role can do when operating in the database. You should use audit to track who connects to the db (and from where). You should make sure you are using TDE (on by default in SQL Azure for new DBs). There are additional security features in SQL that may also be useful to you (row level security, data masking, always encrypted, etc). The networking part is really just the starting point for designing a secure solution.
Upvotes: 4
Related Questions
- Securely Connecting to SQL Azure
- SQL Server secure connection using Windows Azure Connect
- Azure SQL DB-Securing communication on Port 1433
- Reliable connection with Azure SQL Database
- Secure access to SQL Azure
- is public static sql connection secure
- Is Azure SQL secure when using it for a desktop program?
- Secure ASP.net application with Azure SQL Databases on Azure
- Most reliable SQL Azure connection code?
- Is the connectionString within the project safe when deploying to the cloud?