Share via

SQL Server Sharred Memory and Encryption

Harig, George William 26 Reputation points
2021-07-15T20:46:26.953+00:00

Hi All,

So, My burning question that I want to find an answer to is: Are Shared Memory connections on a local system to Sql Server encrypted if you configure the “Force Encryption” to be “On” and “Extended protection” is set to “Allowed or Required”?

I can see that a TCP connection would be encrypted, but why would a shared memory connection be encrypted?

Developer technologies | Transact-SQL
Developer technologies | Transact-SQL
A Microsoft extension to the ANSI SQL language that includes procedural programming, local variables, and various support functions.
SQL Server | Other
0 comments
Answer accepted by question author
  1. AmeliaGu-MSFT 14,011 Reputation points Microsoft External Staff
    2021-07-16T02:52:18.483+00:00

    Hi HarigGeorgeWilliam-0387,

    Welcome to Microsoft Q&A.

    Are Shared Memory connections on a local system to Sql Server encrypted if you configure the “Force Encryption” to be “On” and “Extended protection” is set to “Allowed or Required”?

    Yes. You can use the following query to check if the shared memory connection is encrypted when configuring the “Force Encryption” to be “On” and “Extended protection” is set to “Allowed or Required”: 

    select session_id, net_transport, encrypt_option from sys.dm_exec_connections

    115189-image.png

    Best Regards,
    Amelia

    If the answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Sam of Simple Samples 5,571 Reputation points
    2021-07-16T00:41:09.45+00:00

    To answer the question why would a shared memory connection be encrypted theoretically, if that is done then it would be to thwart anyone from getting the data that can hack into shared memory that should not have access to the data. Shared memory must use virtual storage that uses an external drive. Unencrypted data in an external drive could theoretically be accessed in an unauthorized manner.

    There are many relevant articles if we want to search for them. For example Encrypt Your Windows Pagefile To Improve Security - gHacks Tech News explains how to encrypt the pagefile and how that is relevant. And encryption - Why encrypt data in memory? - Information Security Stack Exchange is relevant to shared memory too.

  2. AmeliaGu-MSFT 14,011 Reputation points Microsoft External Staff
    2021-07-16T05:43:11.57+00:00

    Hi HarigGeorgeWilliam-0387,

    So I want tcp/ip connections encrypted but i do not want SM encrypted.

    You can create a connection string in the format tcp:<servername>[\<instancename>],<port> or tcp:<IPAddress>[\<instancename>],<port> to make sure the connection is using TCP/IP.

    Best Regards,
    Amelia

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.