Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
leifthoreson
Starting Member
16 Posts |
 Posted - 2007-10-01 : 15:01:08
|
| Greetings all. I am currently working to improve the security on a legacy application we have at my company. The app was written in vb6 years ago. We now have the app running against a sql 2005 server. One of the function/screens in the application is used to administrate users. (each user has a sql user id) and one of the functions is to reset the password. The vb code uses a call to sp_password. Here is the problem. We setup a network sniffer and found the command being in plain text. While the user logon is encrypted ( SSL Fallback) the sp_password commands issued by the app are plan text. Anyone know of a way to make this encrypted?Leif |
|
|
rmiao
Master Smack Fu Yak Hacker
7266 Posts |
Posted - 2007-10-01 : 22:25:51
|
| Tried enable protocol encryption in sql server configuration manager? |
 |
|
|
leifthoreson
Starting Member
16 Posts |
Posted - 2007-10-03 : 13:54:32
|
Thanks I'm testing that right now. It seems to work I'm just a little concerned about how other legacy applications might work or not work against this server when I do this., some are 3rd party apps so I have no clue on the source code behind them.Leif quote:
Originally posted by rmiao
Tried enable protocol encryption in sql server configuration manager?
|
|
|
|
rmiao
Master Smack Fu Yak Hacker
7266 Posts |
Posted - 2007-10-03 : 22:49:43
|
| It's sql protocol between sql server and client, should work if app connects to sql server with sql protocols. |
|
|
|
|
|
|
sp_password in plain text