I have a .Net Windows Client Application which usually runs on a corporate network connecting to SQL Server 2005. I use SQL authentication with a simple Connection String which I believe the .Net SQLClient sends the password to server in clear text as part fo the connection string.
One of my clients wants to host the application on a commercially hosted SQL server and connect to it over the Internet. I have told them that they will need a SSL certificate to be loaded and setup on the SQL server.
Assuming that the DB Server Administrator sets up the SSL certificate correctly; is it true that all I have to do in my application is add "encrypt=true" to the SQL Connection String?
Is this going to be reasonably secure enough to run over the internet?