.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
david stephan
Gaurav Pal
Post New Web Links

Why SQL accepts both encrypted connection and non-encrypted connections when force encryption option

Posted By:      Posted Date: September 01, 2010    Points: 0   Category :Sql Server
I have installed a certificate and have set force encryption to yes under the flags' tab of protocols' window as well as SQLnative client configuration properties but SQL Server accepts both encrypted connection and non-encrypted connections,why?(i have checked the encrypt connection of the connection properties of connect to server window). also when i run profiler, it can capture both T-SQL statements which has run against encrypted and non-encrypted connection and i expect the profiler should not be able to get the encrypted connection's T-SQL statement,am I right or something is wrong with my  configurations?--yousef

View Complete Post

More Related Resource Links

JDBC Driver - is the connection to DB encrypted?


I'm using the JDBC4 driver.  As with most Java DB connections you create a connection URL similar to:

jdbc://myDatabaseServer user=jimmy; password=foobarbaz

My question is: is this login data transmitted to the SQL server in a secure manner when using the Microsoft JDBC4 driver?






Server 2008 R2 Express accepts only local connections?

My question SQL Server 2008 R2 Express accepts only local connections? [closed] was closed unanswered and my account (with the same username/nick vgv8) was banned in 1 min without any warning and notification from all StackExchange sites (StackOverFlow.com, ServerFault.com, SuperUser.com). I could not understand can MS SQL Server 2008 R2 Express  accept remote connections? And what are local connections - in the same subnetwork, AD, workgroup, the same machine? 

Coding is not working for Making Password Field Encrypted in sql and using sessions .basically its a

Dim cn As SqlConnection         Dim cmd As SqlCommand         Dim dr As SqlDataReader         cn = New SqlConnection         cn.ConnectionString = ConfigurationManager.ConnectionStrings("fees_systemConnectionString").ToString         cn.Open()         cmd.Connection = cn         cmd.CommandType = CommandType.Text         Dim Hashpass As String = FormsAuthentication.HashPasswordForStoringInConfigFile(password.Text, "sha1")         cmd.CommandText = "Select * from login where username='" & Me.txtUsername.Text & "' and password = '" & Hashpass & "'"         Dim re As SqlDataReader = cmd.ExecuteReader()         If re.HasRows Then             While re.Read()                 Session("email_id") = re("username").ToString()                 Session("MemberType") = re("type").ToString()                 Session("ISLOGIN&

Encrypted and Decrypted Field.

Hiii All; Hope you are doing well .. I want to encrypt all the data under one of the column we got here. How can i do that?! And what shall i do to decrypt it? The current data is something like this: Name:           Number: Smith            123456 Gorge           938483 So I want it to be like this: Name:            Number: Smith             XXXXXX Gorge            XXXXXX   Thank you.

Encrypted network traffic

I have an MSSQL 2000 server that has an SSL certificate. In the SQL Server network utility, 'Force protocol encryption' is checked. Looking at the traffic with Wireshark, it's no longer in plain text. However, the certificate is issued to say a.mydomain.com. If I create a dns record such that b.mydomain.com resolves to the same address and then use Query Analyzer to connect to b.mydomain.com everything still works. I get no sort of warning like I would if I used a web browser to visit an https site where the certificate had been issued to a different name. Is this to be expected? Regards Richard

Export Encrypted Certificate

Hi, I have successfully created the neccessary encryption certifaicates/keys/master key on a local sql server instance. I would like now to export that same settings to a new client instance so that we can do the following: Make sure that only licensed users are able to log in to the system. So the way I thought I could do this was to create a master encrypted value on our main server and then export this certificate to the client db. Then I would store encrypted values (from our main server) in the client user table. Upon logging into the app the application would attempt to decrypt these values using the orginal installed certificate, upon successful decryot to a value that the application will recognise the user will then be able to log in. Is this sort of thing possible using sql server. I have succesfully restored the certificate onto a new instance but upon running the decrypt it does not recognise the encrytpted value. Any help/suggestions/links would be most most welcome/ Thanks in advance

How can i decrypt an encrypted stored procedure?

hi there,i'm having a problem on how to decrypt an encrypted stored procedure on SQL Server 2008i've tried asking my workmates but they mentioned that they're forgotten the basic syntax to decryptmost of the query i can find are for sql server 2005.. are they usable to sql server 2008?i found this but it doesn't seem to helpCreate Procedure Decryptsp2K (@objName varchar(50)) AS -- INPUT: object name (stored procedure, view or trigger) DECLARE @a nvarchar(4000), @b nvarchar(4000), @c nvarchar(4000), @d nvarchar(4000), @i int, @t bigint --get encrypted data SET @a=(SELECT ctext FROM syscomments WHERE id = object_id(@objName)) SET @b='ALTER PROCEDURE '+ @objName +' WITH ENCRYPTION AS '+REPLICATE('-', 4000-62) EXECUTE (@b) --get encrypted bogus SP SET @c=(SELECT ctext FROM syscomments WHERE id = object_id(@objName)) SET @b='CREATE PROCEDURE '+ @objName +' WITH ENCRYPTION AS '+REPLICATE('-', 4000-62) --start counter SET @i=1 --fill temporary variable SET @d = replicate(N'A', (datalength(@a) / 2)) --loop WHILE @i<=datalength(@a)/2 BEGIN --xor original+bogus+bogus encrypted SET @d = stuff(@d, @i, 1, NCHAR(UNICODE(substring(@a, @i, 1)) ^ (UNICODE(substring(@b, @i, 1)) ^ UNICODE(substring(@c, @i, 1))))) SET @i=@i+1 END --drop original SP EXECUTE ('drop PROCEDURE '+ @objName) --remove encryption --try to p

DPAPI encrypted string size?


Hi All,

I am now using DPAPI to encrypt some private keys and store them into a database, the system works fine, however, i found some issue with Window 7 x64. The story is like bellow:

the key we are going to encrypt is a fixed length string, 32 characters, actually it's a GUID. and I need to encrypt them by DPAPI and encode the result by base 64, and thus will generate somehow a string with about 200 characters, I use a varchar(255) to store it in database. but for Windows 7 x64, the result seems much longer, more than 300 characters. so our application fails to save it to database.

can anyone tell me what is the expected size by encrypting by DPAPI? or for my case, how long the database column should be sufficient?


Thank you in advance and waiting for your suggestion.

Liang(China) From SAP

Decrypt the encrypted store procedure through the T-SQL programming in SQL Server 2005


HI ,


I have a encrypted store procedure in my production server .Right now I do not have the script now I want do some modification.

Please any one can help me to decrypt the store procedure it will be a great help for me.


For any suggestion thanks  in advance.

" Education is the beginning of transformation. Dedicate yourself to daily learning via Blogs/Forums/books and coaching "
Click here to read my blog

encrypted response.write


I'm using JQuery and .NET ashx file (Generic Handler) to hand some  Web based input / output STUFF.
Works great. Smile My problem is, when I do view source in browser, I can clearly see the handler file for example
$.get('/MyApp/MyHandler.ashx'); How can I encrypt it so that it is not so obvious ?

Sending encrypted Querystring (with + Symbol) problem


I Sending a querystring value When it is encryped , I got the encypted value with +symbol

from vb.net code behind......

At that time The querystring contain link does not work properly....

How can i solve this issue..........????

Is there an option to force Strong Name Validation when Application is under Membership condition UR


i'm working in a team that develops a managment Application that manages our
Hardware Product.
The project is written in .Net Technolgy Winforms + Smart Client which is
downloaded from our hardware Web Site and running under Internet Exploerer
which acts as a container for our application.

Inorder for Our Application to run we set .Net Security Additiona Code Group
with our required Permission Set with MemberShip Condition URL.
So far So Good.

We are about to pass U.S Federal Certification for the Application and
according to the Federal Testsing for the application to be approved our
application needs to use one of the following membership Conditions: Strong
Name, Publisher, or Hash.

The problem is that when running under Internet Explorer we fall under the
URL membership condition and Creating any of the 3 member ship conditions
above will not work since application is downloaded from the URL and running
as a smart client.

Does Microsoft Security Experts have anysuggesion ? Something we do not
understand Correctly ? workaround ?

Just to Give an idea of the requirements see below some of th

Business Data Item Builder Missing "Connections" menu option.


On the Business Data Item Builder menu there is typically an option that says "Connections" and then you can connect the item builder to a Business Data Item Web Part. Our Business Data Item Web part is set up properly and our ADF file (and query string) is unchanged, but the Connections option has disappeared. Any help or insight into this issue is much appreciated.

Retrieving encrypted data in code


I am using sql server 2k5 database encryption with a symmetric key protected by password. Symmteric key password is stored in application memory on the server and cannot be stored in plain text in sps.

In SQL Mgmt Studio, i run a query opening symmetric key, exec Mysp and close key - data returns decrypted. In my c# code tho, when i want to call the same sp to read some encrypted data, i am issuing 3 separate commands since i am using stored procs to return data. In order:

  1. submit the SqlCommand(CommandType=Text) “open symmetric key MyKey decryption by password = ‘mypassword’” to open the key
  2. submit a SqlCommand(CommandType=SP) to call my stored proc with parms etc. to read encrypted data
  3. submit the SqlCommand(CommandType=Text) “close symmetric key MyKey” to close the key

If i issue the 3 commands in that order, the data is returned but encrypted columns are not decrypted.

The only way i can get back decrypted data is to wrap all 3 commands in a sqlTransaction. Since some stored procs are taking a long time to return it is causing deadlocks (long running sps is another issue). i am simply reading data so dont need transactional context but it seems unless i open the key, read my data and close the key in a transaction the key does not remain open

Q. I

Is backup encrypted if database is encrypted?


Particularly, if I encrypt a database can I send a backup of it over a non-secure FTP with relatively high assurance it cannot be accessed?


Password Encrypted Email in C#


Hi all ,

I need to send password encrypted email in C# -

how hard is this to do ?,

and how to do it ...??

Do you nee SSL certificate or not ?

I know how to send normal emails becuase i did it already but not encrypted emails

If you have personal experience , then tell me the how.

Thx guys . Your help is appretiated

SQL Server 2008 TDE - should the ReportServer database be encrypted with TDE


The ReportServer database (and ReportServerTempDB) contains encrypted data...but when all the databases on an instance are encrypted using TDE, are there any issues with also encrypting the ReportServer/ReportServerTempDB database that happen to be on that same instance? (I am not concerened with performance issues, unless they would definitely be severe for SSRS.)


ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend