I am using the Sync Framework default database provider for synchronization (Sync Framework 2.1). Can anyone please give me a bit of explanation of how data is transferred between client and server with Sync Framework? Are there any security threats with this synchronization? Can we use encryption with the default database provider?
I read the following article,
http://msdn.microsoft.com/en-us/sync/bb887608.aspx
From a synchronization perspective, Sync Framework supports the
ability to encrypt data as it travels between databases. On the
corporate side, SQL Server 2008 as well as existing IIS security can
be leveraged for user authentication as users exchange data.
We are using the default sync provider. Can we use the default database provider to synchronize over HTTPS or SSL? Basically, what I need to know is: can someone see the data being transferred between client and server?
Please give me your answer.
Regards,
This post helped me when I was using this technology:
Making database schema changes using Microsoft Sync framework without losing any tracking table data
Here you can find two articles with information
https://drive.google.com/folderview?id=0B_21acb3mbRQV3Mxdm5TeVVTcEU&usp=sharing
Hi, if you are using SSL, it's enough for encryption purposes.
Hope it helps
Sync Framework OOTB doesn't encrypt data over the wire.
If you're synching over HTTP, then you can enable SSL to encrypt the traffic.
You can also enable TDS encryption on the SQL connection.
I am trying to design something to authenticate my VerneMQ MQTT broker clients using a SQL Server backend. I've read about webhooks and can use them, but the deal breaker is that they do not support HTTPS. I was wondering if we can make VerneMQ authenticate directly against SQL Server; I've seen existing implementations for CockroachDB/Mongo/MySQL.
I think your 2 best options are a) to develop a native plugin, possibly over an ODBC driver, or b) contribute HTTPS WebHooks support to the VerneMQ project.
(As a maintainer of the project, I can say that PRs are always welcome ;)
I got to know that we can use a List to make different rooms/lobbies on the server. I am new to server-side development and I am a bit confused now. I need to make lists (rooms) on the server side. So which module should I use to write server-side code? Should I code using the Node.js module of deepstream? Currently I have just connected to the deepstream server and also connected the RethinkDB and Redis cache connectors. So do I need to write a separate Node module to do server-side coding using the Node deepstream.io-client-js, or do I need to implement a server over the deepstream.io module?
It would be a great help if anyone can tell.
When using deepstream, the notion of 'server-side coding' is less clear than in traditional http-based applications. Usually the client will communicate directly with the deepstream server, and often application logic can be defined directly in the client. Security is then provided by configuring Valve permissions and authentication in the deepstream config.
For cases where application logic cannot be handled securely on the client, we recommend setting up Data Providers. Here, one or more 'provider' servers will run a deepstream client and provide access to a resource through deepstream's RPCs (remote procedure calls) or using the Active Provider pattern.
I have a Microsoft SQL Server database (2012) and it's currently being backed up using maintenance plans. I have a full backup, differential backup and transaction log backup in my plan. For security reasons I would like to add password protection to these files. Is there any way to achieve this within my maintenance plan? Thanks in advance.
I found this link and it will work for me (for now at least).
https://msdn.microsoft.com/en-us/library/bb934049.aspx
The following is from the Microsoft website:
Transparent Data Encryption (TDE)
Transparent Data Encryption (TDE) encrypts SQL Server and Azure SQL
Database data files, known as encrypting data at rest. You can take
several precautions to help secure the database such as designing a
secure system, encrypting confidential assets, and building a firewall
around the database servers. However, in a scenario where the physical
media (such as drives or backup tapes) are stolen, a malicious party
can just restore or attach the database and browse the data. One
solution is to encrypt the sensitive data in the database and protect
the keys that are used to encrypt the data with a certificate. This
prevents anyone without the keys from using the data, but this kind of
protection must be planned in advance.
TDE performs real-time I/O encryption and decryption of the data and
log files. The encryption uses a database encryption key (DEK), which
is stored in the database boot record for availability during
recovery. The DEK is a symmetric key secured by using a certificate
stored in the master database of the server or an asymmetric key
protected by an EKM module. TDE protects data "at rest", meaning the
data and log files. It provides the ability to comply with many laws,
regulations, and guidelines established in various industries. This
enables software developers to encrypt data by using AES and 3DES
encryption algorithms without changing existing applications.
We have developed a cloud-based POS system which is running in more than 75 outlets, and all the transaction data needs to be posted every 5 minutes to the relevant database, which sits at our head office (the POS system connects to its own local database). For this we are using a Windows application which connects directly to our head office database through a VPN. But recently one of our clients raised a concern that our head office database is exposed, because if anyone sneaks into the network (obviously inside the VPN) he could see all CRUD operations. So in this way he could do anything to the head office database.
So we have decided to go for a WCF solution with encrypted JSON calls. If we use a web service, can we eliminate this issue completely? Is it the best practice? Please advise.
There are several aspects of security to consider in your situation. If your current network topology doesn't limit the VPN client's visibility to just your database server, then yes, I agree that moving to publishing a web service endpoint and using HTTPS would improve security by blocking clients' access to other servers on your internal network. However, the web service solution introduces some other considerations. Will you use firewall rules to limit which clients can access the web service? How are you authenticating clients, and how are you protecting those credentials from unauthorized users?
If you turn on encryption in SAP between the client and the server using the Secure Network Connection, then is there a load placed on the server to do all the encryption work? How big a load? Is it equivalent to the difference between HTTP and HTTPS on a web server?
Please clarify what you want to do.
Do you just want to create secure RFC connections from the SAP GUI to the SAP system? Which 3rd party security product will you be using (e.g. Kerberos)?
Will you be using Single Sign On? i.e. via an AD server. If so, where will the secure connection be - full end to end?
With encryption, the main load is during the initial handshaking between the client and the server. During this process, keys are calculated and exchanged.
See the SNC User's Guide for information.
I have not seen any references to the load on the system. I did ask SAP OSS years ago but did not get a satisfactory reply.
You cannot compare the load of SNC (using DIAG) to HTTPS because the protocols are very different - DIAG is a lot leaner.
I have investigated the use of F5 servers. They can be used for software and hardware acceleration of HTTPS, but not for the DIAG protocol.