1. SSL encrypted database connection between ASP (via ADO) and SQL Server 2000
I have been looking everywhere to try and find an answer to this question
but keep finding only vague hints as to how to actually do it. I hope that
someone here might be able to help me out, here's the scenario:
The ASP site is hosted on a web server on another machine. Data is captured
from the client to the web server via SSL. After the web server receives
the data, I want to store it to a database. The database server (running
SQL Server 2000) is on a different machine than the web server so in order
to transfer the sensitive data over the network it needs to be done using
SSL. Sounds like a simple enough requirement, right?
Well, I read through Books Online, MSDN, searched all over the web an
haven't found more than some vague references to using the Multiprotocol net
library to support an SSL connection. That's great, except that I can't
find an example of the proper ADO data connection string to make that
happen. I tried a DSN-less connection, a DSN connection (with encryption
checked) and I always get the following error from the web server:
Microsoft OLE DB Provider for ODBC Drivers error '80004005'
[Microsoft][ODBC SQL Server Driver][Shared Memory]SSL Security error
I downloaded the SQL Server 2k security whitepaper and there was a brief
paragraph about this and it said to add "Encrypt=yes" to the connection
string, which I did. Still had the same problem. Do I need to install the
SSL certificate somewhere within SQL Server itself (It's already installed
as a trusted certificate in IIS and on the domain for that machine) but I
can't find any place within SQL server itself where I can import the SSL
certificate, and once again no documentation.
Hopefully somebody out there might know a little bit more about this than I
do...it's amazing how few people have even thought of this before. Is there
a better way to secure the transfer than SSL that I'm overlooking? How else
would I move a credit card number from the web server to the database? The
CC number will eventually be encrypted through the ASP as well, but I don't
feel comfortable sending that string over open TCP/IP without using SSL, and
I don't think the customers would either.
Thanks in advance!
2. What happened to my descriptions?
3. connection to SQL Server via OLE-DB on COGNOS Impromptu
4. Store Proc output in text file?
5. connection to SQL SERVER 7.0 via OLE-DB using COGNOS IMPROMPTU 7.0 tool
6. An SQL
7. SQL SERVER 2000/OLE DB/ODBC Trusted Connections.
8. Weird error
9. Intermittant problem with an ASP connection to SQL Server 2000
10. SQL 2000 Connection Script in asp
11. Using OLE DB Provider for DB2 (HIS 2000) in SQL Server 2000 is a pain
12. OLE DB Provider - IIF.2000 to SQL Server 2000
13. SQL Server 7/OLE DB Connection Problem