How can I secure a connection to SQL Server from Perl DBI?

Time: 2022-11-25 19:43:04

I need to connect to a secure SQL Server database using Perl DBI. I need to find a way to authenticate the user securely (without fear of eavesdropping, and without storing passwords on the client side). I'm using SQL Server 2008 on Windows Server 2008, and Perl 5.10 on XP.

SQL Server supports encrypted connections via something called the "SQL Server Native Access Client API", but I cannot tell whether this is supported by any DBD driver, or how to use it if it is.

I am reluctant to use the DBD::ODBC driver with SQL Server authentication, because ODBC transmits user IDs and passwords in cleartext.

I can't use the DBD::ODBC driver with Windows authentication (trusted connection), because the server is not on any Active Directory domain that is accessible from the client's network.

How can I secure my connections to the database? Thanks.

3 solutions

#1


> I am reluctant to use the DBD::ODBC driver with SQL Server authentication, because ODBC transmits user IDs and passwords in cleartext.

That is not strictly true. If you are using a recentish SQL Server and have not disabled encryption in it then the username/password and connection string are encrypted as follows:

The client contacts the server and tells it what it is capable of (e.g., it can do SSL). If the server then supports SSL it requires the client end to encrypt the connection info and falls back to unencrypted after that. You should also see the "Use Strong encryption for data" checkbox in the DSN.
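As an added example (not part of the original answers), one way to request encryption for the whole session from DBD::ODBC, rather than for the login packet only, and to confirm it from the server side. It assumes the SQL Server Native Client 10.0 ODBC driver is installed, that the server certificate is trusted by the client, and that the login is allowed to read `sys.dm_exec_connections`; the server, database and login names are placeholders.

```perl
use strict;
use warnings;
use DBI;
use Term::ReadKey;    # CPAN module, used to read the password without echo

# Assumed values: replace with your own server, database and login name.
my $server   = 'dbhost.example.com';
my $database = 'mydb';
my $user     = 'app_login';

# Prompt for the password at run time so it is never stored on the client.
print STDERR "Password for $user: ";
ReadMode('noecho');
my $password = ReadLine(0);
ReadMode('restore');
print STDERR "\n";
defined $password or die "no password entered\n";
chomp $password;

# Encrypt=yes asks for TLS on the whole session, not only the login packet.
# TrustServerCertificate=no makes the driver validate the server certificate
# instead of accepting whatever certificate is presented.
my $dsn = join ';',
    'dbi:ODBC:DRIVER={SQL Server Native Client 10.0}',
    "Server=$server",
    "Database=$database",
    'Encrypt=yes',
    'TrustServerCertificate=no';

my $dbh = DBI->connect($dsn, $user, $password,
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

# Ask the server whether this session is really encrypted.
my ($encrypted) = $dbh->selectrow_array(
    'SELECT encrypt_option FROM sys.dm_exec_connections WHERE session_id = @@SPID'
);
unless (defined $encrypted && uc $encrypted eq 'TRUE') {
    $dbh->disconnect;
    die "connection to $server is not encrypted, refusing to continue\n";
}
print "encrypted session established\n";
$dbh->disconnect;
```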

#2


Two options:

  1. Create an IPSec tunnel between two locations. Some info here: technet.microsoft.com/en-us/library/cc737154(WS.10).aspx technet.microsoft.com/en-us/library/cc786385(WS.10).aspx

  2. Enable SSL. I am not sure how well it would be protected. technet.microsoft.com/en-us/library/ms189067.aspx

#3


I would suggest that you use some kind of secured connection system. It might be IPSec, but it is often viewed as complicated, so you might be better (or faster) off with OpenVPN, which I use, and generally am happy with.

It can be used on virtually any operating system, is fast, and free. You can check it here: http://openvpn.net/
