 Enterprise manager and secure?

sql777
Constraint Violating Yak Guru

314 Posts

Posted - 2003-02-06 : 17:14:14
If I connect to EM with the sa password, is the password sent as plain text over the wire?

MichaelP
Jedi Yak

2489 Posts

Posted - 2003-02-06 : 18:03:35
I think Integrated Authentication is the only one that is encrypted. That SA password should be able to be grabbed by a sniffer.

Michael

<Yoda>Use the Search page you must. Find the answer you will.</Yoda>

tkizer
Almighty SQL Goddess

38200 Posts

Posted - 2003-02-06 : 18:35:46
I believe that it depends on the version of SQL. For SQL2k, the password is encrypted over the wire, for 7.0 it is not. This is just what I can remember, so if I am incorrect, then so be it. I know this is true for the registry. When you register your server in EM, the user and password in 7.0 were in plain text (it was a little hidden, but it is in plain text once you open up the right value data). For SQL2k, the registration information is encrypted in the registry, but you can still export the values and import them on another machine and magically that person can use sa without ever having to have known about the sa password or ever have had to register the server in EM.


jasper_smith
SQL Server MVP & SQLTeam MVY

846 Posts

Posted - 2003-02-07 : 06:36:20
When connecting via SQL Authentication in SQL2000 the password is "encrypted" although that's probably too strong a word. It is fairly trivial to spot and decrypt the password obtained from a network sniffer (I use a UDF for this). However, if you use SSL encryption in SQL2000 then it will be encrypted. NT Authentication doesn't pass a password across the wire so if at all possible use NT Authentication or enable SSL if you must use SQL authentication.

So to answer your question it's NOT passed (or stored) as plain text.



HTH
Jasper Smith
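
Added example, not written by any poster in this thread: a defender-side check for the advice above to enable SSL when SQL authentication must be used. It reads the ENCRYPTION option from a server's TDS PRELOGIN response taken from a packet capture; the option layout is assumed from the MS-TDS specification, and the sample packet bytes are constructed, not captured.

```python
import struct

# ENCRYPTION option values as listed in the MS-TDS PRELOGIN description.
ENCRYPTION = {0x00: "ENCRYPT_OFF", 0x01: "ENCRYPT_ON",
              0x02: "ENCRYPT_NOT_SUP", 0x03: "ENCRYPT_REQ"}
TDS_HEADER_LEN = 8


def prelogin_encryption(packet: bytes) -> str:
    """Return the ENCRYPTION option name carried in one TDS PRELOGIN packet."""
    if len(packet) < TDS_HEADER_LEN:
        raise ValueError("shorter than a TDS header")
    (declared_len,) = struct.unpack(">H", packet[2:4])
    if declared_len != len(packet):
        raise ValueError("TDS length field does not match packet size")
    payload = packet[TDS_HEADER_LEN:]
    pos = 0
    # Option table: 5-byte entries (token, offset, length), 0xFF terminates.
    while pos + 5 <= len(payload) and payload[pos] != 0xFF:
        token, offset, length = struct.unpack(">BHH", payload[pos:pos + 5])
        if token == 0x01:  # ENCRYPTION
            if length != 1 or offset >= len(payload):
                raise ValueError("malformed ENCRYPTION option")
            value = payload[offset]
            if value not in ENCRYPTION:
                raise ValueError("unknown ENCRYPTION value")
            return ENCRYPTION[value]
        pos += 5
    raise ValueError("no ENCRYPTION option present")


def session_encrypted(packet: bytes) -> bool:
    """True only when the negotiated option is ENCRYPT_ON or ENCRYPT_REQ."""
    return prelogin_encryption(packet) in ("ENCRYPT_ON", "ENCRYPT_REQ")


def build_sample(enc_value: int) -> bytes:
    """Constructed server PRELOGIN response (packet type 0x04) for the demo."""
    # Two options, VERSION (6 bytes) and ENCRYPTION (1 byte), then terminator.
    table = struct.pack(">BHH", 0x00, 11, 6) + struct.pack(">BHH", 0x01, 17, 1) + b"\xff"
    data = bytes([8, 0, 0, 194, 0, 0]) + bytes([enc_value])
    payload = table + data
    header = struct.pack(">BBHHBB", 0x04, 0x01, TDS_HEADER_LEN + len(payload), 0, 1, 0)
    return header + payload


if __name__ == "__main__":
    for v in sorted(ENCRYPTION):
        pkt = build_sample(v)
        print(prelogin_encryption(pkt), "session encrypted:", session_encrypted(pkt))
```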