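Secure Sockets Layer (SSL) is a set of cryptographic technologies that provides authentication, confidentiality, and data integrity. SSL is most commonly used to establish a secure communication channel between Web browsers and Web servers. However, you can also use SSL to protect communication between client applications (direct callers) and Microsoft® SQL Server™ 2000.
This chapter describes how to configure SQL Server 2000 to use SSL to secure communication with client applications.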
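What You Must Know
Before you begin this chapter, you should know the following:
• SSL is an alternative to using Internet Protocol Security (IPSec) to secure database communication.
For details about how to use IPSec to secure database communication, see "How To Use IPSec to Provide Secure Communication Between Two Servers" in this guide.
• Configuration changes are not required when the client or server IP address changes. This differs from IPSec.
• A server certificate must be installed on the database server computer for SSL to work. The client computer must also have a root certification authority (CA) certificate from the same authority.
• The client must have the SQL Server 2000 connectivity libraries installed. Earlier versions or generic libraries will not work.
• SSL works only with TCP/IP (the recommended communication protocol for SQL Server) and named pipes.
• You can configure the server to force the use of encryption for all connections.
• On the client, you can do the following:
   • Force encryption for all outgoing connections.
   • Allow client applications to choose, by using the connection string, whether to encrypt on a per-connection basis.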
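Install a Server Authentication Certificate
SSL requires the server to have a server authentication certificate issued by a certification authority (CA) that is trusted by the connecting clients.
• To install a server certificate
1. Log on to the database server computer with an administrator account.
2. Start Internet Explorer and browse to Microsoft Certificate Services, for example:
http://MyCA/certsrv
3. Click "Request a certificate", and then click "Next".
4. Click "Advanced request", and then click "Next".
5. Click "Submit a certificate request to this CA using a form", and then click "Next".
6. Fill out the certificate request form, noting the following points:
   1. In the "Name" field, enter the fully qualified domain name of the computer running SQL Server. For example:
   sql01.nwtraders.com
   2. In the "Intended Purpose" (or "Type of Certificate Needed") field, click "Server Authentication Certificate".
   3. For the Cryptographic Service Provider (CSP), click "Microsoft RSA SChannel Cryptographic Provider".
   Note: Microsoft Base Cryptographic Provider version 1.0 and Microsoft Enhanced Cryptographic Provider also work. Microsoft Strong Cryptographic Provider does not work.
   4. Select the "Use local machine store" check box.
   Note: Do not select "Enable strong private key protection".
7. Click "Submit" to submit the request.
If the certificate server issues certificates automatically, you can install the certificate immediately. Otherwise, browse to Microsoft Certificate Services and select "Check on a pending certificate" to install the certificate after the CA administrator has issued it.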
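Verify That the Certificate Has Been Installed
This procedure verifies that the server certificate has been installed successfully.
• To verify that the certificate has been installed
1. Click the "Start" button on the taskbar, and then click "Run".
2. Type "mmc", and then click "OK".
3. On the "Console" menu, click "Add/Remove Snap-in".
4. Click "Add".
5. Click "Certificates", and then click "Add".
6. Click "Computer account", and then click "Next".
7. Make sure that "Local computer: (the computer this console is running on)" is selected, and then click "Finish".
8. Click "Close", and then click "OK".
9. In the tree view in the left pane, expand "Certificates (Local Computer)", expand "Personal", and then select "Certificates".
10. Verify that there is a certificate with the fully qualified domain name that you specified in the previous procedure.
You can double-click the certificate to view its details.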
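Install the Issuing CA's Certificate on the Client
After the certificate has been installed and the SQL Server service has been restarted, SQL Server can negotiate SSL with clients. Clients that use SSL to connect to SQL Server must:
• Have MDAC 2.6 or the SQL Server 2000 connectivity libraries installed.
• Trust the issuer of the SQL Server's certificate.
• To install the issuing CA's certificate on the client computer
1. Log on to the client computer as an administrator.
2. Start Internet Explorer and browse to Microsoft Certificate Services, for example:
http://MyCA/certsrv
3. Click "Retrieve the CA certificate or certificate revocation list", and then click "Next".
4. Click "Install this CA certification path", and then click "Yes" in the confirmation dialog box to install the root certificate.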
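Force All Clients to Use SSL
You can configure the server to force all clients to use SSL (as described in this procedure), or you can let clients choose whether to use SSL on a per-connection basis (as described in the next procedure). The advantages of configuring the server to force clients to use SSL are:
• All communication is guaranteed to be secure.
• Any unsecured connections are rejected.
The disadvantages are:
• All clients must have MDAC 2.6 or the SQL Server 2000 connectivity libraries installed; earlier versions or generic libraries will fail to connect.
• Connections that do not need to be protected incur additional performance overhead because of the extra encryption.
• To force all clients to use SSL
1. On the computer running SQL Server, click "Server Network Utility" in the "Microsoft SQL Server" program group.
2. Click to select "Force protocol encryption".
3. Verify that TCP/IP and/or named pipes are enabled.
Other protocols do not support SSL.
4. Click "OK" to close the SQL Server Network Utility, and then click "OK" in the "SQL Server Network Utility" message box.
5. Restart the SQL Server service.
All subsequent client connections are required to use SSL, whether or not they specify a secure connection.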
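Allow Clients to Determine Whether to Use SSL
This procedure shows how to configure SSL so that clients can choose whether to use SSL. You can configure the client libraries to force the use of SSL for all connections, or you can let individual applications choose on a per-connection basis. The advantages of configuring the client are:
• The SSL overhead is incurred only for connections that really need SSL.
• Clients that do not support SSL with SQL Server can still connect.
If you adopt this approach, make sure that you are willing to allow unsecured connections.
• To reconfigure the server
1. On the computer running SQL Server, run the "Server Network Utility".
2. Clear the "Force protocol encryption" check box.
3. Restart the SQL Server service.
4. Return to the client computer.
• To use SSL for all client connections
With this approach, you configure the client libraries to use SSL for all connections. This means that you cannot access SQL Servers that do not support encryption, or SQL Server versions earlier than SQL Server 2000.
1. In the "Microsoft SQL Server" program group, click "Client Network Utility".
2. Make sure that TCP/IP and/or named pipes are enabled.
3. Select "Force protocol encryption".
• To allow applications to choose whether to use encryption
With this approach, applications use the connection string to decide whether to use encryption. This allows each application to use encryption only when it is needed.
1. If you use the OLE-DB data provider to connect to SQL Server, set "Use Encryption for Data" to "true", as shown in the following sample OLE-DB connection string.
"Provider=SQLOLEDB.1;Integrated Security=SSPI;Persist Security Info=False;Initial Catalog=Northwind;Data Source=sql01;Use Encryption for Data=True"
2. If you use the SQL Server .NET data provider to connect to SQL Server, set "Encrypt" to "true", as shown in the following example.
"Server=sql01;Integrated Security=SSPI;Persist Security Info=False;Database=Northwind;Encrypt=True"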
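Verify That Communication Is Encrypted
In this procedure, you use Network Monitor to verify that data passed between the application server and the database server is encrypted. You first send data in clear text, and then enable encryption by configuring the server first and the client afterward.
• To verify that communication is encrypted
1. On the client computer, use Visual Studio.NET to create a new C# console application named SQLSecureClient.
2. Copy the following code to class1.cs, replacing all of the existing code.
Note: Replace the server name in the connection string with the name of your database server.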
using System;
using System.Data;
using System.Data.SqlClient;

namespace SQLSecureClient
{
    class Class1
    {
        [STAThread]
        static void Main(string[] args)
        {
            // Replace the server name in the following connection
            // string with the name of your database server.
            SqlConnection conn = new SqlConnection(
                "server='sql01';database=NorthWind;Integrated Security='SSPI'");
            SqlCommand cmd = new SqlCommand("Select * FROM Products");
            try
            {
                conn.Open();
                cmd.Connection = conn;
                // Print the ID and name of each product.
                SqlDataReader reader = cmd.ExecuteReader();
                while (reader.Read())
                {
                    Console.WriteLine("{0} {1}",
                        reader.GetInt32(0).ToString(),
                        reader.GetString(1));
                }
                reader.Close();
            }
            catch (Exception ex)
            {
                // Report connection or query failures instead of hiding them.
                Console.WriteLine(ex.Message);
            }
            finally
            {
                conn.Close();
            }
        }
    }
}
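3. On the "Build" menu, click "Build Solution".
4. For Windows authentication to succeed between the two computers, you must duplicate, on the database server computer, the account with which you are currently interactively logged on to the client computer. Make sure that the user name and password both match. An alternative is to use a domain account that both computers recognize.
You must also use SQL Server Enterprise Manager to create a database logon for the newly created account, and add a new database user for this logon to the Northwind database.
5. On the database server computer, use the SQL Server Network Utility to disable encryption (make sure that the "Force protocol encryption" option is not selected).
6. On the database server computer, click "Network Monitor" in the "Administrative Tools" program group.
Note: Windows 2000 Server provides a limited version of Network Monitor. Microsoft SMS provides the full version of Network Monitor.
If you do not have Network Monitor installed, go to "Add/Remove Programs" in Control Panel, click "Add/Remove Windows Components", select "Management and Monitoring Tools" from the "Windows Components" list, click "Details", and then click "Network Monitor Tools". Click "OK", and then click "Next" to install the limited version of Network Monitor. You may be prompted to insert the Windows 2000 Server CD.
7. On the "Capture" menu, click "Filter" to create a new filter, and configure it to view the TCP/IP network traffic sent between the application server and the database server.
8. Click the "Start Capture" button.
9. Return to the client computer, and then run the test console application. The list of products from the Northwind database should be displayed in the console window.
10. Return to the database server, and then click the "Stop and View Capture" button in Network Monitor.
11. Double-click the first captured frame to view the captured data.
12. Scroll down to view the captured frames. You should see the Select statement in clear text, followed by the list of products retrieved from the database.
13. Now use the SQL Server Network Utility to configure the server to force encryption for all connections:
   1. Use the SQL Server Network Utility to select "Force protocol encryption".
   2. Stop and restart the SQL Server service.
14. Return to Network Monitor and click the "Start Capture" button. In the "Save File" dialog box, click "No".
15. Return to the client computer, and then run the test console application again.
16. Return to the database server computer, and then click "Stop and View Capture" in Network Monitor.
17. Confirm that the data is now unintelligible (because it is encrypted).
18. Reconfigure the server so that it no longer forces encryption:
   1. Use the SQL Server Network Utility and clear the "Force protocol encryption" check box.
   2. Stop and restart the SQL Server service.
19. Start a new capture in Network Monitor and rerun the client application. Confirm that the data is once again in clear text.
20. Return to the client computer, and select "Client Network Utility" from the "Microsoft SQL Server" program group.
21. Select "Force protocol encryption", and then click "OK" to close the Client Network Utility.
22. Return to Network Monitor and click the "Start Capture" button. In the "Save File" dialog box, click "No".
23. Return to the client computer, and then run the test console application again.
24. Return to the database server computer, and then click "Stop and View Capture" in Network Monitor.
25. Confirm that the data is now unintelligible (because it is encrypted).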
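Note that in all cases, SQL Server sends its server authentication certificate to the client in clear text at the beginning of the communication sequence. This is part of the SSL protocol. Note also that this happens even when neither the server nor the client requires encryption.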
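The visual check in Network Monitor can also be done over exported payload bytes. The following Python code is an added example, not part of the original chapter: it labels each captured TCP payload as a cleartext TDS SQL batch or an SSL/TLS record, and reports the channel as encrypted only when no SQL text is readable and encrypted application data is present. The function names and sample byte strings are constructed for illustration, and it assumes each payload holds one complete TDS packet or starts at an SSL/TLS record boundary.

```python
import struct

TLS_TYPES = {0x14: "change_cipher_spec", 0x15: "alert",
             0x16: "handshake", 0x17: "application_data"}
SQL_KEYWORDS = ("select", "insert", "update", "delete", "exec")


def classify(payload: bytes):
    """Return ('tls', record_type), ('sql', text) or ('other', None)."""
    # SSL/TLS record header: content type, version major (3), minor, 2-byte length.
    if len(payload) >= 5 and payload[0] in TLS_TYPES and payload[1] == 3:
        return "tls", TLS_TYPES[payload[0]]
    # TDS header (8 bytes): type, status, big-endian length, SPID, packet id, window.
    if len(payload) > 8 and payload[0] == 0x01:  # 0x01 = SQL batch
        (length,) = struct.unpack(">H", payload[2:4])
        if length == len(payload):
            text = payload[8:].decode("utf-16-le", errors="ignore")
            if any(k in text.lower() for k in SQL_KEYWORDS):
                return "sql", text
    return "other", None


def channel_is_encrypted(payloads):
    """Return (encrypted, leaked_sql) for a list of captured payloads."""
    kinds = [classify(p) for p in payloads]
    leaked = [text for kind, text in kinds if kind == "sql"]
    has_tls_data = ("tls", "application_data") in kinds
    return not leaked and has_tls_data, leaked


def tds_batch(sql: str) -> bytes:
    """Build a constructed single-packet TDS SQL batch (status 0x01 = end of message)."""
    body = sql.encode("utf-16-le")
    return struct.pack(">BBHHBB", 0x01, 0x01, 8 + len(body), 0, 1, 0) + body


# Constructed sample captures (not real traffic).
CLEAR_CAPTURE = [tds_batch("Select * FROM Products")]
TLS_CAPTURE = [
    bytes.fromhex("16030100040e000000"),                     # handshake record
    bytes.fromhex("1703010008") + bytes(range(0xA0, 0xA8)),  # opaque application data
]

if __name__ == "__main__":
    print(channel_is_encrypted(CLEAR_CAPTURE))
    print(channel_is_encrypted(TLS_CAPTURE))
```

Handshake records alone do not count as proof of encryption here, because the certificate exchange at the start of the sequence travels in clear text.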