Visible SQLConnection String
-
Here is my argumentative question for all those in CodeProject land since my professors can’t give me a straight answer. I have an application (WhateverAPP in IIS on a Server2003 machine) that pulls data from a SQL2000 server (WhateverServer located on the same machine). The connection string (Server=WhateverServer; Initial Catalog=Fortnox; Uid=sa; Password=YouWish;) is supposed to be readable through a packet analyzer (netmon.exe) since the connection string is clear type. Well..... I have looked at each packet so many damn times that I can read the hex easier than the text, needless to say it ain’t in there even though everyone says it is. If I create a simple data tier (class library instead of COM+ class) will this hide the connection string, the string that I can’t see anyway? Thanks in Advance! Joseph
-
Just because the connection string is clear-type does not mean that that is how it is sent by the SQL client library to the server. In fact, the connection string is never sent to the server at all. It is interpreted, and then, using an API, the connection is made to the server. The username and password may or may not be passed as plain text, depending on the specific API. In the case of the SQL Client libraries, I very much doubt it is sent unencrypted.
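
Added example, not part of the original posts: a sketch of why a text search of a capture does not turn up the connection-string values. It assumes the login-field encoding described in Microsoft's MS-TDS specification for the LOGIN7 message (UTF-16LE strings, password bytes nibble-swapped and XORed with 0xA5); the function names and the simplified payload layout are constructed for illustration.

```python
# Added illustration, not code from the thread. Field layout is simplified and
# constructed; sample values are the ones quoted in the question.

def tds_scramble_password(password: str) -> bytes:
    """Encode a password as MS-TDS describes for LOGIN7: UTF-16LE, then for
    each byte swap the high and low nibbles and XOR the result with 0xA5."""
    out = bytearray()
    for b in password.encode("utf-16-le"):
        swapped = ((b << 4) & 0xF0) | (b >> 4)
        out.append(swapped ^ 0xA5)
    # The transform is fixed and uses no key: it keeps the password out of a
    # casual text search, while confidentiality on the wire depends on
    # protocol encryption (TLS) being enabled between client and server.
    return bytes(out)


def build_login_fields(server: str, user: str, password: str, database: str) -> bytes:
    """Constructed stand-in for the string area of a login packet. A real
    LOGIN7 message also carries a header and an offset/length table."""
    return b"".join([
        user.encode("utf-16-le"),
        tds_scramble_password(password),
        server.encode("utf-16-le"),
        database.encode("utf-16-le"),
    ])


def find_encodings(payload: bytes, needle: str) -> dict:
    """Report which encodings of `needle` occur in a captured payload."""
    return {
        "ascii": needle.encode("ascii") in payload,
        "utf-16-le": needle.encode("utf-16-le") in payload,
        "tds-scrambled": tds_scramble_password(needle) in payload,
    }


if __name__ == "__main__":
    payload = build_login_fields("WhateverServer", "sa", "YouWish", "Fortnox")
    # The literal connection string never appears: the client parsed it locally.
    conn = "Server=WhateverServer; Initial Catalog=Fortnox; Uid=sa; Password=YouWish;"
    print("connection string:", find_encodings(payload, conn))
    for value in ("WhateverServer", "sa", "Fortnox", "YouWish"):
        print(value, find_encodings(payload, value))
```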