问题描述
我们正在测试我们应用程序的概念证明.
We are testing a proof of concept of our apps.
我们在Azure上拥有一个托管SQL Server实例,该实例承载我们的数据库.在调试现有的Azure人员之前,我想知道是否可以强制进行传输中加密?我想确保来自各个客户端(应用程序,网站,服务)的连接被强制加密.我不是在谈论表和文件的加密,而是在连接本身.
We have a managed SQL Server instance on Azure that hosts our database. Before I go bug the Azure personnel we have on hand, I want to know if it is possible to force in-transit encryption? I want to make sure my connections from my various clients (apps, web site, services) are forced to encrypt. I am not talking about the encryption of tables and files but the connections themselves.
通过谷歌搜索,我仅找到此链接( https://docs.microsoft.com/zh-cn/azure/security/fundamentals/encryption-overview#tlsssl-encryption-in-azure )告诉我它正在工作,但是可以配置它,还是默认将其加密?
By googling, I found only this link (https://docs.microsoft.com/en-us/azure/security/fundamentals/encryption-overview#tlsssl-encryption-in-azure)that tells me it is working but, can it be configured, or is it defaulted to encrypt?
在常规SQL Server上,我可以轻松地在计算机本身上,在SQL Server配置管理器中,并右键单击实例的协议,在SQL Server网络配置中的标志"选项卡中,选择强制加密为是,然后选择是否选择证书等.
On a regular SQL Server, I go easily on the machine itself, in the SQL Server configuration manager and right-click over Protocols for my instance, in SQL Server Network configuration, in the Flags tab I choose Force Encryption to Yes and then choose or not certificates, etc.
有人可以帮我解决这个问题吗?
Can anyone help me figure this one out?
提前谢谢!
user7379674
user7379674
推荐答案
默认值是加密所有通过TLS传输的连接,如 https://docs.microsoft.com/zh-cn/azure/sql-database/sql-database-security-overview#transport-layer-security-tls-encryption-in-transit
The default is to encrypt all connections in transit via TLS as outlined at https://docs.microsoft.com/en-us/azure/sql-database/sql-database-security-overview#transport-layer-security-tls-encryption-in-transit
不同于SQL Server(可以通过将强制协议加密"设置为"OFF"来配置此设置),默认情况下,此设置对于SQL数据库处于启用状态,并且不可使用.
Unlike SQL Server ( where you can configure this by setting Force Protocol Encryption to OFF), this setting is on by default for SQL Database and is not use configurable.
此规则的例外是一些非常旧的客户端(例如jTDS),可以向下协商(根据TDS协议)并以未加密的方式连接.不用说,我们建议您使用最新的驱动程序.确保您的应用程序按照上述最佳做法进行连接.
The exception to this rule are some very old client ( e.g. jTDS) that can negotiate down (per TDS protocol) and connect unencrypted. Needless to say, we would advise you to use latest drivers & ensure that your app connects per the best practices outlined above.
这篇关于如何像常规SQL Server一样在Sql Azure上强制进行传输中加密?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!