none
security - passwords RRS feed

  • Question

  • Hi Scripting Guys,

    I've got a script that connects to my sql server in my test lab. At the moment I specify the username and password in plain text. I want to secure the password so noone can see it, I want to avoid just storing them on a remote part of the machine in a text file etc..

    I have created a secure string and succeffully encrypted my password and decrypted it for use for the sql connection, however when I move the script to another machine it no longer works, reading up I can see why this is. 

    So my question is, can you suggest a way to encrypt my password so it can be used on multiple machines to connect to my sql server.

    Examples are always welcome :)

    Many thanks

    Joe

    Thursday, August 7, 2014 10:31 AM

Answers

  • This is one of the most compelling reasons to use integrated security.

    Passwords sent on a connections string are always sent in plain text.  They are always discoverable.  YOU can only set IPsec or set the SQLServer to run fully encrypted. 

    If you must run mixed security then you will never be safe and the password will have to be re-encrypted on each platform.

    If you are in a domain then just use integrated security and no password will be needed.

    Post you security issues int eh SQLServer forum.  THey will help you understand how we use and secure SQLServer.


    ¯\_(ツ)_/¯

    • Marked as answer by JOEs_SG Thursday, August 7, 2014 11:49 AM
    Thursday, August 7, 2014 11:42 AM

All replies

  • This is one of the most compelling reasons to use integrated security.

    Passwords sent on a connections string are always sent in plain text.  They are always discoverable.  YOU can only set IPsec or set the SQLServer to run fully encrypted. 

    If you must run mixed security then you will never be safe and the password will have to be re-encrypted on each platform.

    If you are in a domain then just use integrated security and no password will be needed.

    Post you security issues int eh SQLServer forum.  THey will help you understand how we use and secure SQLServer.


    ¯\_(ツ)_/¯

    • Marked as answer by JOEs_SG Thursday, August 7, 2014 11:49 AM
    Thursday, August 7, 2014 11:42 AM
  • Thanks Jrv
    Thursday, August 7, 2014 11:49 AM