Cleaning string connection with network packet analyzer

I assume that everything is possible, but I wonder how easy it is for someone to capture the connection string using a network packet analyzer or an equivalent tool.

The WinForms application retrieves data directly from the MSSQL server. (Assume there are no additional web services in the middle for extra protection.)

1) Is it possible for someone with the analyzer to read the connection string as clear text?

2) Can the connection string be protected by SSL certificate?

3) Must the SSL certificate be installed on the SQL Server?

4) I already have an SSL (HTTPS) certificate. Can I also install it for SQL Server?

5) Will the speed of the returned data be reduced due to SSL?

Thank you in advance

+3
2 answers
  • Yes, if they are on the same network as the packet sniffer (henceforth the “sniffer”) and the connection string is in plain text. Using a switch instead of a hub will not make this difficult.
  • Man-in-the-middle attacks are still possible. Channel binding is designed to detect and prevent this, as is careful examination of the certificate received by the client. Client certificates will also help strengthen this.
  • Yes, it should.
  • As long as the hostname matches the SQL Server, it should work; otherwise you will need a new certificate.
  • , , , . , ; .

: , , , , , , , sql. . SQL- , , VPN, .

+3
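As an added example (not part of the original thread), the C# check below audits a connection string for the points raised in the answer above: whether encryption is requested, whether certificate validation is switched off, and whether the host name matches the certificate. It assumes the .NET Framework `System.Data.SqlClient` provider; `ConnectionStringAudit`, `Audit`, `certHostName` and all sample values are hypothetical names constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Data.SqlClient;   // assumption: .NET Framework provider, where Encrypt is a bool

static class ConnectionStringAudit
{
    // Hypothetical helper: lists transport-security findings for one connection string.
    // certHostName is the host name the server certificate was issued for.
    public static List<string> Audit(string connectionString, string certHostName)
    {
        var b = new SqlConnectionStringBuilder(connectionString);
        var findings = new List<string>();

        if (!b.Encrypt)
            findings.Add("Encrypt is not set: the client does not ask for an SSL/TLS-protected session.");
        if (b.TrustServerCertificate)
            findings.Add("TrustServerCertificate=True: the server certificate is accepted without validation.");

        // Reduce Data Source ("tcp:host\instance,port") to the bare host name.
        string host = b.DataSource.Trim();
        if (host.StartsWith("tcp:", StringComparison.OrdinalIgnoreCase))
            host = host.Substring(4);
        host = host.Split(',', '\\')[0].Trim();
        // Exact comparison only; wildcard certificates are out of scope here.
        if (!string.Equals(host, certHostName, StringComparison.OrdinalIgnoreCase))
            findings.Add("Data Source host '" + host + "' does not match certificate name '" + certHostName + "'.");

        if (!b.Encrypt && !b.IntegratedSecurity && b.Password.Length > 0)
            findings.Add("A SQL login password is configured on a connection that does not request encryption.");
        return findings;
    }

    static void Main()
    {
        // Constructed sample values; no server is contacted.
        string[] samples =
        {
            "Data Source=10.0.0.5;Initial Catalog=Sales;User ID=app;Password=constructed",
            "Data Source=db01.example.internal,1433;Initial Catalog=Sales;Integrated Security=True;Encrypt=True;TrustServerCertificate=False"
        };
        foreach (string cs in samples)
        {
            List<string> findings = Audit(cs, "db01.example.internal");
            Console.WriteLine(findings.Count == 0 ? "OK" : string.Join(Environment.NewLine, findings));
        }
    }
}
```

The first sample yields three findings (no encryption requested, host name mismatch, password on an unencrypted connection); the second prints `OK`.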

, , . , SQL SSL ( ), , SSL; . technet. , . . , , db ...

+1

Source: https://habr.com/ru/post/1716364/

