SQL Password sent plaintext?

Results 1 to 2 of 2

Thread: SQL Password sent plaintext?

  1. #1
    Join Date
    Dec 1969

    Default SQL Password sent plaintext?

    When I make a connection to a SQL server via SQL authentication, how is the password sent over the wire?<BR><BR>For example,<BR>set objConn = Server.CreateObject("ADODB.Connection")<BR>objConn .ConnectionString = "Provider=SQLOLEDB; Data Source=MySQLServer; Initial Catalog=MyDB; User ID=ethan; Password=secret"<BR>objConn.Open<BR><BR>If somebody is sniffing packets on my local network, will they see the userid/password in plaintext, or is it somehow encrypted?<BR>

  2. #2
    Join Date
    Dec 1969

    Default I believe

    plain text. But it&#039;s best to have the SQL Server only on your internal network (only accessible from the IIS server, not from an &#039;internet&#039; connection) when you have this setup the password is only on the internal network. <BR>Make sure the IIS server is the only one &#039;outside&#039; the firewall

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts