Hello-
My goal is to verify that all connections made by a program are encrypted at program startup. My first idea was to check the connection string for the appropriate tokens, but I wanted something more bulletproof. I found that the following query
should do the trick:
SELECT [encrypt_option] FROM [sys].[dm_exec_connections] WHERE [session_id] = @@SPID;
However, selecting from this table requires that a user be granted VIEW SERVER STATE.
I suppose I have two related questions:
- Is there a way to view one's own connection's encryption state without needing VIEW SERVER STATE or any other overly-broad permission?
- Is there any particular danger in a user having VIEW SERVER STATE? I understand a connection will be able to view metadata about other connections, and that alone may not be too concerning depending on what that metadata is. This is not a shared user environment so much as it is a shared service environment, and I wish to maintain isolation between services in the event that one were to be compromised by an attacker. If there is the potential to leak credentials, query text, or data between users I am concerned. If they can just see a list of all the connections to a server, I am not so much.
Thanks