Of course you could just use an NT Server with IIS in front and SQL
server behind, allowing you to use NetBEUI between the two boxes
eliminating the need for encryption (since nothing else can ever get on
that link between the two boxes). IIS can do NT Challenge/Response for
authentication, which I realize doesn't have the presence that some
other methods do. It can also be used to do SSL (although there is
currently a bug in IIS 1.0 that prevents it from handling SSL with
Netscape Atlas clients, ala SSL 3.0).
Just a thought...