Showing posts with label secure. Show all posts

Monday, March 26, 2012

Microsoft Responds To Serious Credibility Issues...

I think Microsoft really deserves credit for responding to questions
regarding the company's ability to produce secure and robust versions of SQL
Server 2005 and Visual Studio 2005.
Microsoft's representatives respond [1].
<%= Clinton Gallagher
METROmilwaukee (sm) "A Regional Information Service"
NET csgallagher AT metromilwaukee.com
URL http://metromilwaukee.com/
URL http://clintongallagher.metromilwaukee.com/
[1] http://www.escapeyesterworld.com/

Yes,
MS does respond to queries and suggestions.
They also try to implement certain features, based on user's feedback.
best Regards,
Chandra
http://www.SQLResource.com/
http://chanduas.blogspot.com/
---
*** Sent via Developersdex http://www.examnotes.net ***

One time, at band camp...

Most server and application security issues could be solved if people would
just learn to RTFM.
"clintonG" <csgallagher@.REMOVETHISTEXTmetromilwaukee.com> wrote in message
news:eNeF4%23dnFHA.1148@.TK2MSFTNGP12.phx.gbl...
>I think Microsoft really deserves credit for responding to questions
>regarding the company's ability to produce secure and robust versions of
>SQL Server 2005 and Visual Studio 2005.
> Microsoft's representatives respond [1].
> <%= Clinton Gallagher
> METROmilwaukee (sm) "A Regional Information Service"
> NET csgallagher AT metromilwaukee.com
> URL http://metromilwaukee.com/
> URL http://clintongallagher.metromilwaukee.com/
> [1] http://www.escapeyesterworld.com/
>

Wednesday, March 21, 2012

Microsoft DevDays 2004 - Smart Client 3 - Security session

Hi there,
Have you guys watched the Smart Client 3: Developing Secure Smart Client
Applications by a presenter called Jeff Levinson
(http://msdn.microsoft.com/events/devdays/sessions/).
I have got a really really quick question regarding the security hole he
found on the demo...
(you need to have watched it to understand the following)
He said he decrypted his credential on the database server and uploaded his
database connection string in clear text. And then he can packet sniff all
the traffic in between the application server and the database server...
(Sorry, I may have heard it incorrectly as I was watching the webcast on the
net and English is not my mother tongue.)
Can someone explain to me a little more on what exactly did he mean?
Thanks heaps!!

I have not watched this particular event but I have taught it. He is
probably talking about using IPSEC between the app server and database
server. This insures that you cannot use a packet sniffer to see the
unencrypted data on the network.
"one" <one@.discussions.microsoft.com> wrote in message
news:8E074D9C-184B-42BA-BFD8-FF33B3C1A659@.microsoft.com...
> Hi there,
> Have you guys watched the Smart Client 3: Developing Secure Smart Client
> Applications by a presenter called Jeff Levinson
> (http://msdn.microsoft.com/events/devdays/sessions/).
> I have got a really really quick question regarding the security hole he
> found on the demo...
> (you need to have watched it to understand the following)
> He said he decrypted his credential on the database server and uploaded his
> database connection string in clear text. And then he can packet sniff all
> the traffic in between the application server and the database server...
> (Sorry, I may have heard it incorrectly as I was watching the webcast on the
> net and English is not my mother tongue.)
> Can someone explain to me a little more on what exactly did he mean?
> Thanks heaps!!

Thanks Chris. You are right. After reading your post, I went back and
listened to the webcast again and I found the transcript. And here is what
he said:
<snip>... There's one small problem, and that problem exists right here.
See I've gone and decrypted my database credentials, and then I've sent my
connection string to the database in plain text. Oops! With all this
security- all I need to do is drop a listener or somewhere on the network to
listen in between those two machines, and I'm going to pull back every piece
of data that you've put across the network we've gone through all this
trouble to secure... </snip>
And to resolve this issue, he suggested using IPSec.
Thanks again Chris.
"Chris Rolon" wrote:

> I have not watched this particular event but I have taught it. He is
> probably talking about using IPSEC between the app server and database
> server. This insures that you cannot use a packet sniffer to see the
> unencrypted data on the network.
>
> "one" <one@.discussions.microsoft.com> wrote in message
> news:8E074D9C-184B-42BA-BFD8-FF33B3C1A659@.microsoft.com...