I've got a database login on a desktop application made in C#.
To check if the user exists, I do a WHERE clause and get the row returned. If a row is returned... then the user exists.
My problem is packet sniffers can see the strings being returned. They are encrypted and such, but some people could use an automated response to fool the application into thinking it was right.
Is there a way to hide my DB stuff from packet sniffers?
Yes - you can do that by using an encrypted connection (SSL certificate based)... for details and some sample configuration/code see:
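
An added example, not part of the answer above or of any material it links to: it assumes the database is SQL Server reached through `System.Data.SqlClient` (the page does not name the database), and the server and database names are constructed. It audits a connection string for the two settings that matter here and produces a hardened one; encryption stops sniffing, and certificate validation is what stops a fake endpoint from answering the login query.

```csharp
using System;
using System.Collections.Generic;
using System.Data.SqlClient; // assumption: SQL Server; the page does not name the database

static class DbTransportSecurity
{
    // Lists the settings that leave the connection open to sniffing or server impersonation.
    public static List<string> Audit(string connectionString)
    {
        var b = new SqlConnectionStringBuilder(connectionString);
        var findings = new List<string>();
        if (!b.Encrypt)
            findings.Add("Encrypt is off: queries and returned rows can cross the network in clear text.");
        if (b.TrustServerCertificate)
            findings.Add("TrustServerCertificate is on: the server certificate is not validated, " +
                         "so any endpoint can pose as the database.");
        return findings;
    }

    // Returns the same connection string with TLS required and the certificate validated.
    public static string Harden(string connectionString)
    {
        var b = new SqlConnectionStringBuilder(connectionString)
        {
            Encrypt = true,                 // require TLS for the whole session
            TrustServerCertificate = false  // validate the server certificate chain and host name
        };
        return b.ConnectionString;
    }

    static void Main()
    {
        // Constructed sample value, not taken from the page.
        string weak = "Server=db.example.internal;Database=AppDb;" +
                      "Integrated Security=true;TrustServerCertificate=true";

        foreach (string finding in Audit(weak))
            Console.WriteLine("WEAK: " + finding);

        string hardened = Harden(weak);
        Console.WriteLine("Hardened: " + hardened);
        Console.WriteLine("Remaining findings: " + Audit(hardened).Count);
    }
}
```

With these settings the connection fails unless the server presents a certificate that the client machine trusts and whose name matches the `Server` value, so the certificate must be provisioned on the database server first.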