SQL Server 2005:SQL Server身份验证的安全性如何? [英] SQL Server 2005: How Secure is SQL Server Authentication?

问题描述

如果您使用SQL Server身份验证(2005)，是否通过网络以明文形式发送登录详细信息?

If you use SQL Server Authentication (2005), are the login details sent in clear text over the wire?

推荐答案

要确保它的安全性...

As secure as you want to make it...

您可以相当容易地配置SSL，如果您没有受信任的证书，则可以强制加密，SQL Server可以创建/发布它自己的自签名证书供您使用...

you can configure SSL fairly easily, and if you don't have a trusted cert, if you force encryption, SQL Server can create/issue it's own self signed cert for your use...from this write-up

凭据(在登录数据包中) 当客户端被传输时 应用程序连接到SQL Server是 始终加密. SQL Server将使用 来自受信任的证书 证书颁发机构(如果有). 如果不是受信任的证书 安装后，SQL Server将生成一个 自签名证书时 实例启动，并使用 自签名证书来加密 证书.此自签名 证书有助于提高安全性 但它不提供保护 反对由身份欺骗 服务器.如果是自签名证书 被使用，并且 ForceEncryption选项设置为是"， 通过网络传输的所有数据 在SQL Server和客户端之间 应用程序将使用加密 自签名证书

Credentials (in the login packet) that are transmitted when a client application connects to SQL Server are always encrypted. SQL Server will use a certificate from a trusted certification authority if available. If a trusted certificate is not installed, SQL Server will generate a self-signed certificate when the instance is started, and use the self-signed certificate to encrypt the credentials. This self-signed certificate helps increase security but it does not provide protection against identity spoofing by the server. If the self-signed certificate is used, and the value of the ForceEncryption option is set to Yes, all data transmitted across a network between SQL Server and the client application will be encrypted using the self-signed certificate

这篇关于SQL Server 2005:SQL Server身份验证的安全性如何?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！