February 19, 2009 at 6:46 am
Hi All
We're in the position where we have to put a DB for an application that lives in our DMZ on an Internal SQL Server 2005. Unfortunately it also will only accept SQL Authentication. Therefore I was wondering, would using SQL SSL go some way to nullifying the risk associated with the plain text properties of SQL Auth?
I'm hoping to use SQL SSL on only the selected DMZ server and its database, all others are to stay as they were using unencrypted connections.
Does this seem feasible?
TIA
Chris.
February 19, 2009 at 8:16 am
There isn't anything you need to do. Starting with SQL Server 2005, SQL Server uses TLS to encrypt the logon packets. It'll use its own self-signed cert if necessary. So if you're just worried about the logon process, that's covered. If you're worried about all data, then yes, use SSL or IPSEC. More here:
BOL: Encrypting Connections to SQL Server
K. Brian Kelley
@kbriankelley
February 19, 2009 at 8:57 am
Thanks for the info..
Just so that we're clear, are you saying that I don't even have to load a Cert for the traffic to be encrypted and the encryption happens automatically without any settings being changed at either the server or client?
I can get hold of Server Authentication Certs without any trouble if required...
February 19, 2009 at 9:58 am
Chris Rowley (2/19/2009)
Thanks for the info.. Just so that we're clear, are you saying that I don't even have to load a Cert for the traffic to be encrypted and the encryption happens automatically without any settings being changed at either the server or client?
I can get hold of Server Authentication Certs without any trouble if required...
It happens automatically, you don't have to do anything. If you had a 3rd party issued cert from a trusted CA, it would use that. But if that's not available, SQL Server 2005/8 will use its own self-signed cert.
K. Brian Kelley
@kbriankelley
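To check which of the two cases in the thread applies to a live connection (logon packets only, or the whole session), the server's connection DMVs can be queried. This is an added example, not part of the original thread; the client address is a constructed placeholder for the DMZ application server, and the query needs VIEW SERVER STATE permission.

```sql
-- Added example: list connections from the DMZ application server and show
-- whether SQL Server is encrypting each session beyond the logon exchange.
-- Written for SQL Server 2005 syntax (DECLARE and SET on separate lines).
DECLARE @dmz_client varchar(48);
SET @dmz_client = '192.0.2.10';  -- placeholder: the DMZ application server's IP

SELECT
    c.session_id,
    s.login_name,
    s.host_name,
    s.program_name,
    c.client_net_address,
    c.net_transport,
    c.auth_scheme,       -- 'SQL' for SQL Authentication logins
    c.encrypt_option,    -- 'TRUE' only when the whole connection uses SSL/TLS
    CASE
        WHEN c.encrypt_option = 'TRUE'
            THEN 'logon and data encrypted by SQL Server'
        ELSE 'not encrypted by SQL Server after logon'
    END AS protection
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions    AS s ON s.session_id = c.session_id
WHERE c.client_net_address = @dmz_client
ORDER BY c.encrypt_option, c.session_id;
```

IPSec is applied below SQL Server, so a connection protected that way still reports encrypt_option as 'FALSE' here.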