0

I there a way to connect my flask app to SQL Server using TDE encryption?

I'm using this configuration:

SQLALCHEMY_DATABASE_URI = 'mssql+pymssql://%s:%s@%s/%s' % (MYSQL_USER, MYSQL_PASSWORD, MYSQL_HOST, MYSQL_DB)

I saw there is a way to connect ssl:

ssl_args = {'ssl_ca': ca_path}

But my database is encrypt with TDE encryption. and I wish to create a secured connection.

My configuration:

  • SQL Server
  • Flask - sqlalchemy
  • Windows

Thank you for your help!

marc_s
  • 732,580
  • 175
  • 1,330
  • 1,459
Sapir
  • 19
  • 2
  • 2
    TDE and SSL connections are orthogonal features. You can connect with SSL whether or not the database is encrypted, and the database being encrypted (TDE) doesn't force SSL connections. Making an SSL connection does *not* encrypt the database itself, that just secures the data over the wire (conversely, making an unsecured connection to a TDE-encrypted database means the data is encrypted on disk, but sent over the wire unencrypted). This makes it unclear what your actual question is about. – Jeroen Mostert Dec 12 '19 at 15:28
  • Thank you for your answer! If I have a db which encrypted with TDE. Is it make sense that i can see my data with the connection i mentioned above? for example after i make the connection i execute ' select * from tablename' and i succeed to see all the data in the table. Or does it mean something went wrong with my encryption process? Moreover how to you suggest to make all the process the most secure as possible? As I see it to stay with the tde encryption in my db and also make secure connection using ssl as you explained before. I will be appreciate any of your help! Thanks – Sapir Dec 14 '19 at 16:50
  • The "T" in TDE stands for "transparent" -- as in, the fact that the database files are encrypted on disk is transparent to the client application. You'll be able to select and see the data just fine, just as you would with an unencrypted database. Apparently your actual question is "how do I make an SSL connection to SQL Server using SQLAlchemy", to which I don't know the answer. Neither SQLAlchemy nor `pymssql` mention how to do this, only that SSL support is available. Besides SO, the help suggests [other support sources](https://www.sqlalchemy.org/support.html) that may be more active. – Jeroen Mostert Dec 14 '19 at 21:08

0 Answers0