如果您使用 SQL Server 身份验证 (2005)，登录详细信息是否以明文形式通过网络发送？

1 Câu trả lời

如您所愿，安全无忧...

您可以相当轻松地配置 SSL，如果您没有受信任的证书，如果您强制加密，SQL Server 可以创建/颁发它自己的自签名证书供您使用... from this write-up

Credentials (in the login packet) that are transmitted when a client application connects to SQL Server are always encrypted. SQL Server will use a certificate from a trusted certification authority if available. If a trusted certificate is not installed, SQL Server will generate a self-signed certificate when the instance is started, and use the self-signed certificate to encrypt the credentials. This self-signed certificate helps increase security but it does not provide protection against identity spoofing by the server. If the self-signed certificate is used, and the value of the ForceEncryption option is set to Yes, all data transmitted across a network between SQL Server and the client application will be encrypted using the self-signed certificate

关于sql-server - SQL Server 2005 : How Secure is SQL Server Authentication?，我们在Stack Overflow上找到一个类似的问题： https://stackoverflow.com/questions/2163658/