Microsoft KB Archive/252660

= INF: SQL Server 7.0 Clients Can Send Encrypted Password Strings =

Article ID: 252660

Article Last Modified on 4/27/2001


APPLIES TO


 * Microsoft SQL Server 7.0 Standard Edition




This article was previously published under Q252660



SUMMARY
To prevent someone from viewing a password in clear text, the password sent by standard SQL Server ODBC connections to a SQL Server 7.0 server appears encrypted in a network trace.



MORE INFORMATION
If the ODBC client is using the 3.70.0623 SQL Server driver, or later, and is also using standard SQL Server security, the user password that is sent is encrypted if the following conditions are true:
 * The ODBC client has previously established a connection to the server.
 * The ODBC client is using the SQL Server Driver 3.70.0623, or later.

The encryption algorithm used is not strong, does not use a 128-bit algorithm, and is not recommended for connections across the Internet.

Initial connections to a SQL Server 7.0 server send the 6.5 login packet, and the password is visible. After a connection is established, the client updates the following registry key with the server name and the SQL Server 7.0 string:

HKLM\Software\Microsoft\MSSQLServer\Client\TDS

After the registry key is updated, future connections from the client to the server encrypt the password string.
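The following added example (not part of the original article) audits a client for the behavior described above: it reads the TDS key and reports, for each server name supplied, whether the client has recorded an entry or would still send the 6.5 login packet with a visible password. It assumes each value under the key is named after a server and holds the version string, a layout the article does not spell out; the server names are constructed samples, and the WOW6432Node path is included because 32-bit clients on 64-bit Windows write to that registry view.

```powershell
# Added example: report which servers this client has recorded under the TDS key.
# Assumption: each registry value is named after a server, and its data is what
# the article calls "the SQL Server 7.0 string". Server names below are constructed.
param(
    [string[]]$Servers = @('SQLPROD01', 'SQLTEST02')
)

# Native view plus the 32-bit view used by 32-bit ODBC clients on 64-bit Windows.
$tdsKeys = @(
    'HKLM:\Software\Microsoft\MSSQLServer\Client\TDS',
    'HKLM:\Software\WOW6432Node\Microsoft\MSSQLServer\Client\TDS'
)

function Get-TdsEntries {
    param([string]$Path)
    $entries = @{}
    if (-not (Test-Path -LiteralPath $Path)) { return $entries }
    $key = Get-Item -LiteralPath $Path
    foreach ($name in $key.GetValueNames()) {
        # Server names are compared case-insensitively.
        $entries[$name.ToUpperInvariant()] = [string]$key.GetValue($name)
    }
    return $entries
}

foreach ($path in $tdsKeys) {
    $entries = Get-TdsEntries -Path $path
    foreach ($server in $Servers) {
        $recorded = $entries[$server.ToUpperInvariant()]
        [pscustomobject]@{
            RegistryView   = $path
            Server         = $server
            RecordedString = $recorded
            # Encryption also requires SQL Server driver 3.70.0623 or later and
            # standard SQL Server security, per the conditions listed above.
            NextLogin      = if ($recorded) {
                'entry recorded: password string sent encrypted (weak algorithm)'
            } else {
                'no entry: 6.5 login packet, password visible on the wire'
            }
        }
    }
}
```

Because the article states that the algorithm is not strong, a recorded entry only changes how the password looks in a trace; either result calls for keeping these logins off untrusted networks.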

Microsoft SQL Server 2000 network libraries support strong encryption through Secure Sockets Layer (SSL).

Keywords: kbinfo KB252660


© Microsoft Corporation. All rights reserved.