Design Help – Access SQL Database behind a firewall from ASP .NET pages.
26 February 2004, 08:57 PM
#1
Scooby Regular
Thread Starter
Join Date: Mar 2002
Location: Herts
Posts: 327
Likes: 0
Received 0 Likes
on
0 Posts
Design Help – Access SQL Database behind a firewall from ASP .NET pages.
Hi,
I am new to internet development and would like some advice on the technology used to access a SQL database that sits on a network behind a firewall.
** ASP .NET Page ** -> ** Web Server ** -> ** FIREWALL ** -> ** SQL **
So to give an example; from an ASP .NET page on the internet, I would like to populate a DataGrid with the contents of a single table from a SQL database. The SQL database is sitting on our company network behind a firewall.
Could someone please explain / point me in the right direction in how the ASP .NET page / Web Server can securely access the SQL database.
Thanking you in advance
Scott
I am new to internet development and would like some advice on the technology used to access a SQL database that sits on a network behind a firewall.
** ASP .NET Page ** -> ** Web Server ** -> ** FIREWALL ** -> ** SQL **
So to give an example; from an ASP .NET page on the internet, I would like to populate a DataGrid with the contents of a single table from a SQL database. The SQL database is sitting on our company network behind a firewall.
Could someone please explain / point me in the right direction in how the ASP .NET page / Web Server can securely access the SQL database.
Thanking you in advance
Scott
27 February 2004, 06:19 AM
#2
Scooby Regular
Thread Starter
Join Date: Mar 2002
Location: Herts
Posts: 327
Likes: 0
Received 0 Likes
on
0 Posts
OK research so far seems to show 2 options;
Option 1.
The firewall opens port 1433 with an additional rule to only allow the IP address of the web server to communicate on port 1433. As such this allows web server code to create a connection string to SQL? How would I fully qualifying the connection string server property - <SQL Server NetBIOS Name><domain>??
Option 2.
Have a second web server (internal) running on the same box as the SQL server. The internal web server will host web services, which can be called from the external web server. This requires the opening of port 80. Further security is added with the use of an encrypted key required for all method calls. How is the encrypted key implemented?
Is there an industry preferred solution?
Is option 2 more secure against SQL attacks since SQL access is further controlled through the use of web services?
Thanking you again in advance for your replies
Scotty
Option 1.
The firewall opens port 1433 with an additional rule to only allow the IP address of the web server to communicate on port 1433. As such this allows web server code to create a connection string to SQL? How would I fully qualifying the connection string server property - <SQL Server NetBIOS Name><domain>??
Option 2.
Have a second web server (internal) running on the same box as the SQL server. The internal web server will host web services, which can be called from the external web server. This requires the opening of port 80. Further security is added with the use of an encrypted key required for all method calls. How is the encrypted key implemented?
Is there an industry preferred solution?
Is option 2 more secure against SQL attacks since SQL access is further controlled through the use of web services?
Thanking you again in advance for your replies
Scotty
27 February 2004, 10:43 AM
#4
Scooby Regular
Thread Starter
Join Date: Mar 2002
Location: Herts
Posts: 327
Likes: 0
Received 0 Likes
on
0 Posts
class A - thanks for your reply. Unfortunatly a VPN is not an option at the moment. The ** Web Server ** -> ** FIREWALL ** -> ** SQL ** architecture is all i have to work with. The joys of being the boy !!!! The more i research, the more option 2 is becoming the preferred solution with my architecture.
Scotty
Scotty
Thread
Thread Starter
Forum
Replies
Last Post