ODBC does not transmit usernames and passwords in clear text (ODBC does not transmit anything) - but some ODBC drivers do. The basic SQL Server driver on Windows does "encrypt" the password and does not send it clear text but it is not that difficult to break.

It has been a while since I looked at it but I thought you could set SQL Server up to only accept encrypted connections and if that is the case there must be a Windows driver which does the encryption. May be I am imagining that.

So long as your client is on UNIX the Easysoft SQL Server ODBC Driver does all forms of SQL Server connections - simple encrypted password (and it is very simple), NTLM (a little better but not much), SSL for the connection only or SSL for everything. Unfortunately it is not available for Windows currently. BTW, I have a connection with Easysoft.

Noone can be offended at the question. This is a perl website not a UNIX website. In any case the monks here are surprisingly tolerant of impertinent non-perl questions though apparently it helps to prefix off-topic questions with the string "[OT]".

I cannot find any such module. I suspect such a module would need to be XS code linking to the SQL server API libraries. The libraries may have licenses restricting the distribution of derived code which may be one reason why no such modules are in CPAN. There is a procedure for writing new DBD drivers which you might want to look at. But more likely you have to look round the SQL server website on account of the licensing issues. I tried a google and came up with an article.

This is one of the reasons I like the culture here in the Monastary - People offer the best solution to a problem, rather than the best Perl solution.

It also epitomises the virtue of laziness, as extolled by Perl - why write a script at all when you don't need to?!

--
use JAPH;
print JAPH::asString();

Hi,

I don't know anything about SQL Server or Windows, but I would be surprised if there wouldn't be a way to enable authentication over secured connections.

The Unix way to solve this problem would be to tunnel the connection over SSH. This is what I do when MySQL or PostgreSQL are bound to the loopback interface without open ports to the outside. You connect to the server with SSH, and the SSH daemon on the server would then forward the connection locally to the right port where SQL Server is running. I'm sure there are versions of SSH for Windows, and perhaps Putty can listen for connections in a server sort of way. I'm sorry I can't help you more – I know nothing about Windows software – but this is one way you might be able to make it work in a secure manner.

Good luck!

the server (???)

sshd from cygwin should to the trick, like one of the many other SSH server implementations for Win32.

Sometimes, a friendly Linux or *BSD machine near the server can also help, running the ssh server, tunnelling a port to the windows server. In PuTTY, specify windowsbox.remote.lan:1433 (not localhost) as tunnel destination when connecting to linuxbox.remote.lan. It may look strange, but it works (unless linuxbox and windowsbox are separated from each other by a firewall). With the openssh command line client, it should look something like this:

ssh -L 1433:windowsbox.remote.lan:1433 joe@linuxbox.remote.lan

Connect to localhost:1433 and you should see the SQL server as long as the ssh connection is alive. The command line for PuTTYs plink utility should look nearly the same.

Alexander

--
Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)