  1. #1
    Join Date
    Aug 2006

    Unanswered: SECURITY in MS SQL Server 2005

    Hi all,

    Could anyone suggest which is the recommended authentication mode for web applications with MS SQL Server 2005?

    Also let me know how the new security features of MS SQL Server 2005 can be used for secured application access.

    Thanks in advance


  2. #2
    Join Date
    May 2004
    MS recommends that you use Windows auth. They would love to get rid of SQL auth but can't because so many people use it.

    Using SQL auth generally means you have cleartext passwords lying around in web.config files. With Windows auth, all you have in web.config is "trusted_connection=yes", which doesn't reveal anything. Well, not as much anyway.

    If you do opt to use SQL auth, you should store connection strings in web.config encrypted.

    Beware of what some sites pass off as "encryption" though. I found this page (googling 'encrypted connection string')

    It claims to show you how to encrypt a connection string, but it is completely bogus since their method of "encryption" is base64 encoding. That's not encryption at all!

    The sad fact is that this is the first page that comes up in the Google search above, so I'm sure there are a lot of know-nothings out there that are using this method and think they have protected their passwords...

    This next one down in the Google search above does a better job:
    Last edited by jezemine; 10-11-06 at 02:11.
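
An added example, not part of the thread or of the pages it refers to: a Python check that reads a web.config and flags connection strings that hold a SQL login password in cleartext or only Base64-encoded, as distinct from Windows auth or a section encrypted with ASP.NET protected configuration. The sample file, server name, login and password are constructed, and the finding labels are this example's own.

```python
import base64
import re
import xml.etree.ElementTree as ET

# Constructed sample data: server, login and password are made up for this example.
_PLAIN = "Server=db1;Database=app;User Id=web;Password=Example123"
SAMPLE_CONFIG = f"""<configuration>
  <connectionStrings>
    <add name="Trusted" connectionString="Server=db1;Database=app;Trusted_Connection=yes" />
    <add name="Cleartext" connectionString="{_PLAIN}" />
    <add name="Base64" connectionString="{base64.b64encode(_PLAIN.encode()).decode()}" />
  </connectionStrings>
</configuration>"""

PASSWORD_RE = re.compile(r"\b(password|pwd)\s*=\s*[^;]+", re.I)
INTEGRATED_RE = re.compile(
    r"\b(trusted_connection|integrated security)\s*=\s*(yes|true|sspi)", re.I)


def classify(value):
    """Classify one connectionString attribute value."""
    if PASSWORD_RE.search(value):
        return "cleartext-password"
    if INTEGRATED_RE.search(value):
        return "windows-auth"
    try:
        # Base64 needs no key, so anyone who can read the file can do this too.
        decoded = base64.b64decode(value, validate=True).decode("utf-8")
    except ValueError:  # not Base64, or not text once decoded
        return "unknown"
    return "base64-encoded-password" if PASSWORD_RE.search(decoded) else "unknown"


def audit(config_xml):
    """Map each connection string name in a web.config document to a finding."""
    section = ET.fromstring(config_xml).find("connectionStrings")
    if section is None:
        return {}
    # A section encrypted by a protected-configuration provider carries this
    # attribute and holds an EncryptedData element instead of <add> entries.
    if section.get("configProtectionProvider"):
        return {"<connectionStrings>": "protected-section"}
    return {e.get("name"): classify(e.get("connectionString", ""))
            for e in section.findall("add")}


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_CONFIG).items():
        print(f"{name}: {finding}")
```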
