SQL Server / ODBC data encryption question

Time: 2022-12-30 23:43:42

We would like to force encryption of the data going to and from our customers' SQL databases. Currently, we access the customer databases via ODBC DSNs, using both SQL Management Studio (Query Analyzer) and our custom applications.

Yeah, I know this is not "best practices", but I have to deal with it for now.

Anyway, I have been tasked with encrypting the data on the pipe between us and them. I found plenty of information on how to set up the connection between SQL client and server, but precious little information on how to use the ODBC DSN in such a situation.

Please note, I don't want to know how to encrypt the database, only how to encrypt the data going through the 'tubes'.

1) There is a checkbox in the DSN wizard called "Use strong encryption for data" -- with no help available for the option. Can anyone explain to me how that fits in with the Force Encryption flags in SQL Server and Client Configuration? Our application doesn't use the SQL Native Client interface, but relies on the ODBC DSN setup to connect to the database. Do I need to check this checkbox and install a root certificate? Is that all I need to do if the server is set up properly?

2) In documentation for the client and server encryption (http://support.microsoft.com/kb/316898), Microsoft states "You can enable the Force Protocol Encryption option on the server, or on the client. Do not enable the Force Protocol Encryption option on both the client and the server." Can anybody tell me why this is so? What happens if you get both of them enabled?

3) Does #2 apply to DSN configurations, and if so, how?

So many questions. If you have experience with this, please share some of your hard-earned wisdom...

Thanks, Dave

1 solution

#1


I assume you have found this:

http://technet.microsoft.com/en-us/library/ms189067%28SQL.90%29.aspx

Our application doesn't use the SQL Native Client interface, but relies on the ODBC DSN setup to connect to the database.

In the ODBC DSN you can choose the SQL Native Drivers, right?

Here's a good link with a spiffy table as well!

http://msdn.microsoft.com/en-us/library/ms131691%28SQL.90%29.aspx

And another blog post from the SQL team explaining a bit more

https://blogs.msdn.com/sql_protocols/archive/2005/11/10/491563.aspx

They don't explain why you shouldn't enable both client and server to require encryption - it doesn't seem like it would hurt anything. I'd say, just try it and see.
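
As an added example (not from the question or the answer above), the Python script below audits ODBC connection strings for the client-side keywords that govern transport encryption in the SQL Server ODBC drivers, `Encrypt` and `TrustServerCertificate`. The posture labels, the DSN name, the host name and the sample strings are constructed for illustration.

```python
# Added example: classify ODBC connection strings by transport-encryption posture.
# Encrypt / TrustServerCertificate are SQL Server ODBC driver keywords; the
# posture labels and all sample strings are constructed for illustration.

def parse_odbc(conn_str):
    """Parse 'k=v;k=v' into a dict with lower-cased keys.
    A {braced} value may contain ';' and '='; '}}' inside it is a literal '}'."""
    attrs, i, n = {}, 0, len(conn_str)
    while i < n:
        eq = conn_str.find("=", i)
        if eq == -1:
            break
        key = conn_str[i:eq].strip(" ;").lower()
        i = eq + 1
        if conn_str[i:i + 1] == "{":
            i, buf = i + 1, []
            while i < n:
                if conn_str[i] == "}":
                    if conn_str[i + 1:i + 2] != "}":
                        break               # closing brace of the value
                    i += 1                  # '}}': skip the escaping brace
                buf.append(conn_str[i])
                i += 1
            value = "".join(buf)
        else:
            end = conn_str.find(";", i)
            value = conn_str[i:n if end == -1 else end].strip()
        end = conn_str.find(";", i)         # move past this attribute
        i = n if end == -1 else end + 1
        attrs.setdefault(key, value)        # ODBC: first occurrence of a keyword wins
    return attrs

def transport_posture(conn_str):
    a = parse_odbc(conn_str)
    if "encrypt" not in a and "dsn" in a:
        return "check-dsn"                  # setting lives in the DSN, not in the string
    if a.get("encrypt", "no").lower() != "yes":
        return "server-decides"             # encrypted only if the server forces it
    if a.get("trustservercertificate", "no").lower() == "yes":
        return "encrypted-unverified"       # encrypted, certificate not validated
    return "encrypted-verified"             # encrypted, certificate must validate

SAMPLES = [  # constructed connection strings
    "Driver={SQL Native Client};Server=db.example.test;Encrypt=yes;",
    "Driver={SQL Native Client};Server=db.example.test;Encrypt=yes;TrustServerCertificate=yes",
    "DSN=CustomerA;UID=app;PWD={x;Encrypt=yes}",
]
if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{transport_posture(s):22} <- {s}")
```

A `check-dsn` result means the string defers to the DSN, so the encryption setting has to be read from the DSN definition itself.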
