How secure is ADO.Net traffic?
-
We have a client/server database app that uses ADO.Net and runs over a LAN. One potential customer asks why we don't use a secure network connection (we deal in a lot of personal info) for our DB traffic, and I want to say that ADO.Net is 'secure enough', as we only operate over a company LAN. But I have to admit I'm not sure. We do all the standard stuff (DB permissions, Windows authentication, encryption of connection strings and passwords, validate input values, role based controls etc) but I am wondering about the network transport aspect of ADO.Net. MSDN doesn't say much other than you can encrypt sensitive data (but all our data is sensitive!) or use a secure connection. How easy is it to snoop ADO.Net traffic over a standard connection? Does anyone here use ADO.Net with either encryption or a secure connection (IPSec/SSL)? Ta, Adam
-
We have a client/server database app that uses ADO.Net and runs over a LAN. One potential customer asks why we don't use a secure network connection (we deal in a lot of personal info) for our DB traffic, and I want to say that ADO.Net is 'secure enough', as we only operate over a company LAN. But I have to admit I'm not sure. We do all the standard stuff (DB permissions, Windows authentication, encryption of connection strings and passwords, validate input values, role based controls etc) but I am wondering about the network transport aspect of ADO.Net. MSDN doesn't say much other than you can encrypt sensitive data (but all our data is sensitive!) or use a secure connection. How easy is it to snoop ADO.Net traffic over a standard connection? Does anyone here use ADO.Net with either encryption or a secure connection (IPSec/SSL)? Ta, Adam
adambl wrote:
How easy is it to snoop ADO.Net traffic over a standard connection?
Not sure. You could just send everything through an encrypted channel.
"Real programmers just throw a bunch of 1s and 0s at the computer to see what sticks" - Pete O'Hanlon