April 11, 2008 at 8:14 am
I have a SQL Server 2000, SP4 running on Windows 2003, SP1.
My customer's requirement: "Since the backend database will not be physically on the same application server, the database login credential should be encrypted in the login authentication session."
1) Is there any pw encryption for logins in SQL 2000 by default?
2) Is this done on SQL Server side or in application?
3) What is the best way for this to be accomplished?
All advice is appreciated!
Thank you,
Karri
April 11, 2008 at 8:40 am
If Windows authentication is used, a hash is sent. This would likely meet the requirements. If SQL Server authentication is used, while technically the password is encrypted, it is an extremely weak form of encryption. This is handled in the initial connection with SQL Server.
An option to ensure strong encryption, in either case, is to force secure communications on. But this requires an SSL certificate.
K. Brian Kelley
@kbriankelley
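The reply above separates Windows authentication from SQL Server authentication and recommends forcing encrypted communications. The sketch below is an added example, not part of the original thread: it audits ADO.NET-style connection strings for those two properties. The finding codes, function names and sample strings are constructed for illustration.

```python
# Added example: flag connection strings whose login is not covered by
# forced encryption. All sample strings below are constructed.
ALIASES = {
    "integrated security": "integrated", "trusted_connection": "integrated",
    "user id": "user", "uid": "user",
    "password": "password", "pwd": "password",
    "encrypt": "encrypt", "trustservercertificate": "trust_cert",
}
ON = {"true", "yes", "mandatory", "strict"}

def parse(conn_str):
    """Normalize 'key=value;...' pairs. Assumes no ';' inside quoted values."""
    fields = {}
    for part in conn_str.split(";"):
        key, sep, value = part.partition("=")
        name = ALIASES.get(key.strip().lower())
        if sep and name:
            fields[name] = value.strip().strip("'\"")
    return fields

def is_on(fields, name, extra=()):
    return fields.get(name, "").lower() in ON.union(extra)

def audit(conn_str):
    """Return finding codes (hypothetical names) for one connection string."""
    f = parse(conn_str)
    integrated = is_on(f, "integrated", extra={"sspi"})
    sql_login = not integrated and ("user" in f or "password" in f)
    findings = []
    if not is_on(f, "encrypt"):
        if sql_login:
            # Password crosses the network with only the weak built-in protection.
            findings.append("SQL_LOGIN_UNENCRYPTED")
        elif integrated:
            # Login is hashed, but the client is not asking for encryption.
            findings.append("INTEGRATED_NO_TLS")
    elif is_on(f, "trust_cert"):
        # Channel is encrypted, but the server certificate is not validated.
        findings.append("CERT_NOT_VALIDATED")
    return findings

if __name__ == "__main__":
    samples = [
        "Server=db01;Database=app;User ID=appuser;Password=example;",
        "Server=db01;Database=app;Integrated Security=SSPI;",
        "Server=db01;Database=app;UID=appuser;PWD=example;Encrypt=True;TrustServerCertificate=True",
        "Server=db01;Database=app;Integrated Security=SSPI;Encrypt=yes",
    ]
    for s in samples:
        print(audit(s) or ["OK"], s)
```

The findings reflect only what the client requests. A server configured to force encryption protects the login even when the connection string omits `Encrypt`.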
April 11, 2008 at 9:11 am
I tend to agree with Brian, but how does the application work? Is it a service type application, IIS, fat client?
This determines how things work because the application can potentially log in and not the user, or you can have the application be dumb and the user required to log in.