Avatar of FTIISD
FTIISD asked on

## Encrypting information being sent to MS SQL database over the internet.

Hello,

I have a software application written in c# that accesses a database over the internet.  I need a way of encrypting the information being sent back and forth between the application and the database.  We also have a web application running off of the same database, and for this we are using an SSL certificate.  Is there anyway to incorporate this certificate into the application?  I would prefer not to encrypt the information in the database, just the transmission.

Thanks for your help.
C#

Avatar of undefined
Last Comment
eric_duncan

8/22/2022 - Mon
esteban_felipe

Hi FTIISD,

How is the information being sent/recieve?. Remoting? proxy objects?.. or are you opening a db connection to a server over the internet?

Esteban Felipe
www.estebanf.com
ASKER CERTIFIED SOLUTION
TheAvenger

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
jj819430

If the server is certified and running your app then yes you can run off of its certification. But it depends on the certificate as to how you go about this. Another option is to put another application on the SQL server that acts as an intermediary with your application, and then you can simply throw a plugin that uses Public or Private key encryption (whatever you want) on to it. Just make sure you don't use anything labeled as "Proprietary" just stick to what is tried and true, for example RSA.
ASKER
FTIISD

Hi,

Thanks for all your help.  The information is currently being stored at a hosting company.  They will not enable the encryption for me.  We are in the process of removing it from them, and placing it on a local server.  When this is done, (within the next couple of days) I will be able to attempt these methods.

Thanks
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
eric_duncan

If you are putting the database on a local server, you might not want to encrypt the transmissions at all if you KNOW that your firewall settings are strong and your network is secure. Encryption on a database connection will affect performance considerably, so I wouldn't do it unless I had to.