Advanced SQL Server Man-In-the-Middle Attacks | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		Advanced SQL Server Man-In-the-Middle Attacks (blindspotsecurity.com)
		33 points by el_duderino on Dec 20, 2017 \| hide \| past \| favorite \| 1 comment

fowl2 on Dec 21, 2017 [–]

I must be jaded, but isn't this obvious? If you don't validate certs you're vulnerable to MITM. If you don't mandate encrpytion on your client, you're vulnerable to downgrade attacks.

It would be nice if the common driver libraries supported key pinning in the connection string.

Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact