如果您使用 SQL Server 身份验证 (2005),登录详细信息是否以明文形式通过网络发送?
最佳答案
如您所愿,安全无忧...
您可以相当轻松地配置 SSL,如果您没有受信任的证书,如果您强制加密,SQL Server 可以创建/颁发它自己的自签名证书供您使用... from this write-up
Credentials (in the login packet) that are transmitted when a client application connects to SQL Server are always encrypted. SQL Server will use a certificate from a trusted certification authority if available. If a trusted certificate is not installed, SQL Server will generate a self-signed certificate when the instance is started, and use the self-signed certificate to encrypt the credentials. This self-signed certificate helps increase security but it does not provide protection against identity spoofing by the server. If the self-signed certificate is used, and the value of the ForceEncryption option is set to Yes, all data transmitted across a network between SQL Server and the client application will be encrypted using the self-signed certificate
关于sql-server - SQL Server 2005 : How Secure is SQL Server Authentication?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/2163658/