0

I have a Winforms (C#, .NET 4.0) application and I would like to connect to a remote SQL Server 2012 Express. Also I would like to send and receive data from the SQL Server to my application in an encrypted way, so that a potential hacker would not know which data is being sent and that could not tamper with data.

Example1:

my app: select * from .."  --> ENCRYPTED via network -->  "select * from .." SQL Server

Is there some easy way to do this, or should I also have my own Server application with which I would communicate via SSL and then locally communicate between SQL Server and my server application.

Example2:

my app: "select * from .."  --> ENCRYPTED via network 
     -->  "select * from .." my server app 
     --> plaintext to local SQL Server --> "select * from .."

I want to protect (encryption & anti tampering) all (both ways) the communication on the network.

Thank you for your time and help.

marc_s
  • 732,580
  • 175
  • 1,330
  • 1,459
Ben
  • 2,435
  • 6
  • 43
  • 57
  • 3
    You should put the SQL Server behind a firewall and communicate with it using an HTTPS webservice. – SLaks Mar 09 '12 at 20:49

1 Answers1

1

SQL Server supports SSL, see Encrypting Connections to SQL Server. Both paths (from SQL to your APP and from your app to SQL) can be explicitly require to be encrypted, simply request ENCRYPT=yes in the connection string. Of course, you need the proper certificate trust chain to be set up (ie. purchase certificates signed by a trusted authority like Thawte, GlobalSign or VeriSign).

Remus Rusanu
  • 288,378
  • 40
  • 442
  • 569