Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / .NET Framework / Security / June 2005

Tip: Looking for answers? Try searching our database.

ADO.NET security in Windows App?

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Rob R. Ainscough - 28 Jun 2005 00:26 GMT
I've coded a VB.NET windows service that uses ADO.NET to communicate with
both a MS Access database and an MS SQL Server 2000 database.  I'm using SQL
Authentication to validate access, but I'm not sure what options I have (if
any) to secure the data transmission/communicate between my Windows Service
and the SQL Server.

I know with my web apps I can uses SSL, but what about standard .NET Windows
apps -- do I have anyway to secure the data transmission to/from the SQL
Server?

Thanks,
Reply to this Message
Dominick Baier [DevelopMentor] - 28 Jun 2005 10:33 GMT
Hello Rob,

SQL communication is clear text. This includes the initial password in the
connection string as well as all data you send between client/server.

You have two options if you want to secure the data

- IPSec tunnel between the two parties
- Enable SSL in SQL Server

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> I've coded a VB.NET windows service that uses ADO.NET to communicate
> with both a MS Access database and an MS SQL Server 2000 database.
[quoted text clipped - 7 lines]
>
> Thanks,
Reply to this Message
Rob R. Ainscough - 28 Jun 2005 16:12 GMT
So do I specify in my connection string "Integrated Security=SSL" ?

As usual, my MSDN search provides a bunch of information not relevant to my
search criteria -- MSDN is becoming more more useless -- I get better search
hit using Google -- frustrating.

> Hello Rob,
>
[quoted text clipped - 21 lines]
>>
>> Thanks,
Reply to this Message
Dominick Baier [DevelopMentor] - 28 Jun 2005 20:20 GMT
Hello Rob,

that's a SQL server configuration. Consult SQL Server Books Online (BOL).
You have to install a certificate for sql server in the cert store of the
service account.

If you can't find any useful information on how to do this - get back to me.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> So do I specify in my connection string "Integrated Security=SSL" ?
>
[quoted text clipped - 26 lines]
>>>
>>> Thanks,
Reply to this Message
Rob R. Ainscough - 28 Jun 2005 20:42 GMT
Found the article on how to enable SSL on SQL Server -- not clear on the
certificate?  Does the certificate need to be different than what is used on
the web server (IIS)?  In my case the SQL Server and Web Server are located
on the same server box.  So I would need to purchase 2 certificates?

> Hello Rob,
>
[quoted text clipped - 39 lines]
>>>>
>>>> Thanks,
Reply to this Message
Dominick Baier [DevelopMentor] - 28 Jun 2005 22:08 GMT
Hello Rob,

this depends on how you address the web server - the cert has the DNS name
embedded -exactly the name that clients use to connect to the server - if
that is the same name for www and sql - you could use the same one.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> Found the article on how to enable SSL on SQL Server -- not clear on
> the certificate?  Does the certificate need to be different than what
[quoted text clipped - 46 lines]
>>>>> to/from the SQL Server?
>>>>> Thanks,
Reply to this Message
Rob R. Ainscough - 29 Jun 2005 01:42 GMT
Dominick,

Thanks for the info you've been a great help -- sometimes I feel the entire
internet needs a serious overhaul -- getting secure work done takes WAY too
much effort and recurring costs.

Internet development seems so slow and hokie (at best) and put together with
chewing gum that could break if someone just sneezes.  I'm seriously
rethinking my strategy and going with a simple .NET Windows app that people
can download and install from a basic web page.  Managed .NET apps have very
small signatures and since Longhorn will have .NET framework built in...

Something has gotta change, cause security model and rendering of pages
every time is for the birds -- it really is like stepping 20-30 years back
in time.  There must be a better way.

Rob.

> Hello Rob,
>
[quoted text clipped - 56 lines]
>>>>>> to/from the SQL Server?
>>>>>> Thanks,
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2009 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.