If you do not install a certificate nor set any options are SQL Server's login packets encrypted by default? This is all we are interested in, not encrypting the actual data, and reading Msoft's help would seem to indicate that they are always encrypted as long as you are using the proper data access components. Does anyone know if this is true. All we are looking to do is to protect the sa password from packet sniffers and the like. We are currently using Sql server 2008 express edition.