Dear all. I'm sorry if this question has already been asked before. Are user id and password are encrypted during transmission of connection attempt from a unixODBC client to server? If they are, is that asymmetric encryption scheme? What is the encryption algorithm? Does it have any relation with TLS encryption parameter ? I do really appreciate your help.
asked 08 Mar '13, 07:54
Sensitive connection parameters (PWD, DBKEY, NEWPWD) are sent in an encrypted block. The block is encrypted with AES using a random key that is negotiated between the client and server, and is only used once. This happens on all connections, whether the connection itself is encrypted or not.
While this is far more secure than sending the password in plain text, it's not completely bulletproof. For the highest possible security, you should use TLS encryption.
answered 08 Mar '13, 08:17