Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
Home
Discussion Groups
DB Engine
SQL ServerMSDESQL Server CE
Services
Analysis (Data Mining)Analysis (OLAP)DTSIntegration ServicesNotification ServicesReporting Services
Programming
CLRConnectivitySQLXML
Other Technologies
ClusteringEnglish QueryFull-Text SearchReplicationService Broker
General
Data WarehousingPerformanceSecuritySetupSQL Server ToolsOther SQL Server Topics
DirectoryUser Groups
Related Topics
MS AccessOther DB ProductsMS Server Products.NET DevelopmentVB DevelopmentJava DevelopmentMore Topics ...
SQL Server Forum / General / Security / March 2007

Tip: Looking for answers? Try searching our database.

IIS and SQL 2005

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
royst - 29 Mar 2007 11:54 GMT
I need to have my web server IIS 6 access our database SQL2005. Our web
server holds other web sites so I would like to leave it in the DMZ and the
SQL in the lan. From what I have heard this is not the best method. Has
anyone done this. Is there a better way.

Thanks
Reply to this Message
Kent Tegels - 29 Mar 2007 12:51 GMT
Hello royst,

> I need to have my web server IIS 6 access our database SQL2005. Our
> web server holds other web sites so I would like to leave it in the
> DMZ and the SQL in the lan. From what I have heard this is not the
> best method. Has anyone done this. Is there a better way.

Sometimes is design is about the only secure method making it work. The problem
with it is that its lower perf that having the SQL Server in DMZ because
of need to connect back through a firewall. You may also have to use standard
logins, but as long as you're taking reasonable steps to secure your DMZ
to LAN connection, that's probably an acceptable risk.

Thanks!
Kent Tegels
DevelopMentor
http://staff.develop.com/ktegels
Reply to this Message
royst - 29 Mar 2007 13:08 GMT
Thanks Kent

The performance is not an issue. Security on the other hand is. I have
reservations on opening up SQL ports on my firewall. Just tring to find a
more secure way to do this with IIS in the DMZ and SQL in the local Lan.

> Hello royst,
>
[quoted text clipped - 13 lines]
> DevelopMentor
> http://staff.develop.com/ktegels/
Reply to this Message
Kent Tegels - 29 Mar 2007 14:20 GMT
Hello royst,

If you have a decent firewall, you should be able to restrict by address
who can initiate a connection on port 1433. You could also require TLS or
SSL encryption on the connection for good measure with with performance implications.

The alternative would be do some form of replication, but that leaves you
with a port (or set of them) open at some point.

Good luck,
kt
Reply to this Message
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2009 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.