How do I securely connect a vb.Net Windows Client application to a SQL server hosted on the Internet?

Posted on 2009-02-19
Last Modified: 2012-05-06

I have a .Net Windows Client Application which usually runs on a corporate network connecting to SQL Server 2005. I use SQL authentication with a simple connection string, and I believe the .Net SQLClient sends the password to the server in clear text as part of the connection string.

One of my clients wants to host the application on a commercially hosted SQL server and connect to it over the Internet. I have told them that they will need an SSL certificate to be loaded and set up on the SQL server.

Assuming that the DB Server Administrator sets up the SSL certificate correctly; is it true that all I have to do in my application is add "encrypt=true" to the SQL Connection String?

Is this going to be reasonably secure enough to run over the internet?

Thanks in Advance

Question by:mj_stanton

    Accepted Solution

    Besides using IPSec I am not aware of any more secure methods for connecting to a hosted SQL server. Usually the hosts don't provide a lot of flexibility for specifying certificates for security so SSL is probably the only option. SSL is going to be a pretty good way to hide the data. Depending on the SQL server, you may be more concerned with the lack of lock out policies for people to try and brute force your credentials. SSL will protect the data in transit just fine.

    Author Comment

    If I use SSL and "encrypt=true" in the connection string does that mean that the Username and password are not sent in plain text across the internet?

    Assisted Solution

    I would say that the SSL connection is created before the login credentials are sent across the network, just like they would be for https.   You could verify this if you hooked up a packet sniffer to watch the traffic on the network (if you want to go that far).  I would think that no one would use SQL if it sent the credentials in cleartext no matter what security was used.
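
The setup discussed in this thread, as an added example that is not part of the original posts: a VB.NET client that sets "encrypt=true" through `SqlConnectionStringBuilder`, refuses a server certificate that does not validate (`TrustServerCertificate=False`), and then asks the server whether the session is actually encrypted. The host, database and login names are placeholders, and the check assumes the login may read `sys.dm_exec_connections` (VIEW SERVER STATE), which a hosting provider may not grant.

```vbnet
Imports System
Imports System.Data.SqlClient

Module SecureSqlConnectionExample

    ' Builds a connection string that requires an encrypted channel and a valid server certificate.
    Function BuildConnectionString(ByVal host As String, ByVal database As String, ByVal user As String, ByVal password As String) As String
        Dim b As New SqlConnectionStringBuilder()
        b.DataSource = host
        b.InitialCatalog = database
        b.UserID = user
        b.Password = password
        b.Encrypt = True                  ' the "encrypt=true" setting from the question
        b.TrustServerCertificate = False  ' reject a certificate that does not chain to a trusted root
        b.PersistSecurityInfo = False     ' do not expose the password on the connection after Open()
        Return b.ConnectionString
    End Function

    ' Asks the server whether the current session is encrypted.
    ' Returns "TRUE" or "FALSE", or Nothing when the login is not allowed to query the view.
    Function SessionEncryptOption(ByVal conn As SqlConnection) As String
        Const sql As String = "SELECT encrypt_option FROM sys.dm_exec_connections WHERE session_id = @@SPID"
        Try
            Using cmd As New SqlCommand(sql, conn)
                Return TryCast(cmd.ExecuteScalar(), String)
            End Using
        Catch ex As SqlException
            Return Nothing
        End Try
    End Function

    Sub Main()
        ' Placeholder values; replace with the hosted server's details.
        Dim cs As String = BuildConnectionString("sql.example.com", "AppDb", "app_user", "<password>")
        Using conn As New SqlConnection(cs)
            ' Open() throws SqlException if encryption cannot be negotiated
            ' or the server certificate fails validation.
            conn.Open()
            Dim enc As String = SessionEncryptOption(conn)
            If enc Is Nothing Then
                Console.WriteLine("Connected; encryption state could not be read from the server.")
            Else
                Console.WriteLine("encrypt_option = " & enc)
            End If
        End Using
    End Sub

End Module
```

With `TrustServerCertificate=True` the channel is still encrypted but the client accepts any certificate, so the server's identity is not checked.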
