端口1433上的Azure SQL DB安全通信 [英] Azure SQL DB-Securing communication on Port 1433

问题描述

我正在使用Azure SQL Server DB，并且由于没有本地Db安装程序，因此需要通过我的本地开发环境连接到它.我正在使用Entity Framework和标准连接字符串通过端口1433连接.这需要在组织防火墙中打开端口1433.

I am using Azure SQL Server DB and need to connect to it through my local development environment since we do not have local Db setup. I am using Entity Framework and standard connection string to connect over port 1433. This requires port 1433 opened in organizations firewall.

但是，我的工作场所中的安全小组希望我确保这种通信的安全性，以防止数据泄露，以便他们可以为我的工作打开端口1433.

However, the security group in my workplace wants me to ensure that this communication is secured, to protest data exposure, so that they can open the port 1433 for my work.

我如何确保?如果默认情况下是安全的，则可以使用一些链接对其进行说明.如果没有，我可以采取一些步骤来实现它.

How do i ensure that? If this is secured by default, then some link that explains it. If not, the steps I can take to make it happen.

或让我指出一个解决此问题的问题.多谢！！

Or point me to a question where this is resolved. Thanks a ton!!!

推荐答案

来自

重要

与Azure SQL数据库的所有连接在数据传输"期间始终需要加密(SSL/TLS).在应用程序的连接字符串中，必须指定参数以加密连接而不信任服务器证书(如果将连接字符串复制到Azure经典门户之外，则将为您完成此操作)否则，连接将无法验证服务器的身份，并且容易受到中间人"攻击.攻击.例如，对于ADO.NET驱动程序，这些连接字符串参数为 Encrypt = True 和 TrustServerCertificate = False .

Important

All connections to Azure SQL Database require encryption (SSL/TLS) at all times while data is "in transit" to and from the database. In your application's connection string, you must specify parameters to encrypt the connection and not to trust the server certificate (this is done for you if you copy your connection string out of the Azure Classic Portal), otherwise the connection will not verify the identity of the server and will be susceptible to "man-in-the-middle" attacks. For the ADO.NET driver, for instance, these connection string parameters are Encrypt=True and TrustServerCertificate=False.

这篇关于端口1433上的Azure SQL DB安全通信的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！