Access to internal database

CMan

Hi,

We have an internal database application which we now need to update from a
website hosted at an external site.

We want users to be able to come to the website and see their very latest
information. They should be able to update this data and submit it to a
holding area before it is checked by an operator and the live record
updated.

What is the best and most secure way to achieve this scenario?
How should the website be connected to the internal database?

Thanks

CMan
 
Guest

The most secure is to set up each "user" as an NT account and force login.
This can end up as a maintenance nightmare, however. Outside of this, you
will have to create some form of security account table for each user of the
system. You can set up an admin role and user roles and have the admin for a
particular company control the user's access. That will take some of the
maintenance off your back. You will have to add these new tables (account,
role, etc.) to your database or a separate security database.

All db access should be done through stored procedures, if possible, as that
adds a security layer over ad hoc queries against tables. A "hacker" will
only have access to the data retrieved, updated, etc., by a procedure, which
you have control over. This is not possible with all types of databases.

---

Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

***************************
Think Outside the Box!
***************************
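
A sketch of the stored-procedure layer described in the reply above, combined with the holding area from the original question. This is an added example, not code from any poster in the thread; it assumes SQL Server (2005 or later syntax), and every table, procedure and user name in it is hypothetical.

```sql
-- Hypothetical schema: all object names below are illustrative assumptions.
CREATE TABLE dbo.Customer (
    CustomerId INT           NOT NULL PRIMARY KEY,
    Email      NVARCHAR(256) NOT NULL,
    Phone      NVARCHAR(32)  NOT NULL
);
-- Holding area: web submissions land here, never in dbo.Customer.
CREATE TABLE dbo.CustomerPendingUpdate (
    PendingId   INT IDENTITY(1,1) NOT NULL PRIMARY KEY,
    CustomerId  INT           NOT NULL REFERENCES dbo.Customer (CustomerId),
    Email       NVARCHAR(256) NOT NULL,
    Phone       NVARCHAR(32)  NOT NULL,
    SubmittedAt DATETIME      NOT NULL DEFAULT (GETDATE()),
    -- P = pending, A = approved, R = rejected (set later by the operator)
    Status      CHAR(1)       NOT NULL DEFAULT ('P') CHECK (Status IN ('P', 'A', 'R'))
);
GO

-- Read path for the website: one customer's row, nothing else.
CREATE PROCEDURE dbo.usp_GetCustomer
    @CustomerId INT
AS
BEGIN
    SET NOCOUNT ON;
    SELECT CustomerId, Email, Phone FROM dbo.Customer
    WHERE CustomerId = @CustomerId;
END;
GO

-- Write path for the website: insert into the holding area only.
CREATE PROCEDURE dbo.usp_SubmitCustomerUpdate
    @CustomerId INT,
    @Email      NVARCHAR(256),
    @Phone      NVARCHAR(32)
AS
BEGIN
    SET NOCOUNT ON;
    INSERT INTO dbo.CustomerPendingUpdate (CustomerId, Email, Phone)
    VALUES (@CustomerId, @Email, @Phone);
END;
GO

-- web_app (hypothetical) may only EXECUTE; ownership chaining reaches the tables.
CREATE USER web_app WITHOUT LOGIN;  -- stand-in so the script runs without a login
GRANT EXECUTE ON dbo.usp_GetCustomer          TO web_app;
GRANT EXECUTE ON dbo.usp_SubmitCustomerUpdate TO web_app;
DENY SELECT, INSERT, UPDATE, DELETE ON dbo.Customer              TO web_app;
DENY SELECT, INSERT, UPDATE, DELETE ON dbo.CustomerPendingUpdate TO web_app;
```

The procedures trust the `@CustomerId` they are given, so the website must take that value from the authenticated session rather than from user input. Copying an approved row into `dbo.Customer` would be a separate procedure granted only to the operator's account.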
 
Eliyahu Goldin

If you are in a Microsoft environment, you need to publish your database out
on your local ISA server. You can allow external access from only one
location, which is the webserver. The web server then would connect to the
database server by the ISA IP address. If you are going to pass secure data
between the web and database server, you will want to equip the database
server with an SSL certificate.

Eliyahu
 
alan.washington

Webservices come to mind. You could have a webservice on your end that would be triggered from the site. That way you can have the site run off of your local DB even though it is hosted remotely. This is a problem however if your site does not have the same type of redundancy as your hosting environment. If your servers go down so would the site. Another way would be to send the web site submitted data to a formatted flat file. That way you could just FTP down to your site securely whenever you wanted to.

Alan Washington
 
CMan

Thanks everyone,

So we can make the connection to the database server over SSL? Or do you
just mean between the web server and browser?
How do we set this up? Is it a simple SQL Server setting or win2000 network
setting?

How does SSL compare to using IPsec?
Can this all be done securely through win2000 alone or is third party
software required/preferred?

Thanks in advance.

CMan
 
CMan

Thanks Eliyahu,

This has been really helpful.

For this use would there be any problem generating our own certificate?

CMan
 
Eliyahu Goldin

Theoretically there should not be any problem. Never did it myself though.

Eliyahu
 
