Access to internal database

Discussion in 'ASP .Net' started by CMan, Nov 9, 2004.

  1. CMan

    CMan Guest

    Hi ,

    We have a internal database application which we now need to update from a
    website hosted at an external site.

    We want users to be able to come to the website and see their very latest
    information. They should be able to update this data and submit it to a
    holding area before it is checked by an operator and the live record
    updated.

    What is the best and most secure way to achieve this scenario?
    How should the website be connected to the internal database?

    Thanks

    CMan
     
    CMan, Nov 9, 2004
    #1
    1. Advertising

  2. The most secure is to set up each "user" as an NT account and force login.
    This can end up as a maintenance nightmare, however. Outside of this, you
    will have to create some form of security account table for each user of the
    system. You can set up an admin role and user roles and have the admin for a
    particular company control the user's access. That will take some of the
    maintenance off your back. You will have to add these new tables (account,
    role, etc.) to your database or a separate security database.

    All db access should be done through stored procedures, if possible, as that
    adds a security layer over ad hoc queries against tables. A "hacker" will
    only have access to the data retrieved, updated, etc., by a procedure, which
    you have control over. This is not possible with all types of databases.

    ---

    Gregory A. Beamer
    MVP; MCP: +I, SE, SD, DBA

    ***************************
    Think Outside the Box!
    ***************************


    "CMan" wrote:

    > Hi ,
    >
    > We have a internal database application which we now need to update from a
    > website hosted at an external site.
    >
    > We want users to be able to come to the website and see their very latest
    > information. They should be able to update this data and submit it to a
    > holding area before it is checked by an operator and the live record
    > updated.
    >
    > What is the best and most secure way to achieve this scenario?
    > How should the website be connected to the internal database?
    >
    > Thanks
    >
    > CMan
    >
    >
    >
     
    =?Utf-8?B?Q293Ym95IChHcmVnb3J5IEEuIEJlYW1lcikgLSBN, Nov 9, 2004
    #2
    1. Advertising

  3. If you are in Microsoft environment, you need to publish your database out
    on your local ISA server. You can allow external access from only one
    location, which is the webserver. The web server then would connect to the
    database server by the ISA IP address. If you are going to pass secure data
    between the web and database server, you will want to equip the database
    server with a SSL certificate.

    Eliyahu

    "CMan" <> wrote in message
    news:%...
    > Hi ,
    >
    > We have a internal database application which we now need to update from a
    > website hosted at an external site.
    >
    > We want users to be able to come to the website and see their very latest
    > information. They should be able to update this data and submit it to a
    > holding area before it is checked by an operator and the live record
    > updated.
    >
    > What is the best and most secure way to achieve this scenario?
    > How should the website be connected to the internal database?
    >
    > Thanks
    >
    > CMan
    >
    >
     
    Eliyahu Goldin, Nov 9, 2004
    #3
  4. Webservices come to mind. You could have a webservice on yourend that would be triggered from the site. That way you canhave the site run off of your local DB even though it is hostedremotely. This is a problem however if your site does not havethe same type of redundency as your hosting environment. Ifyour servers go down so would site. Another way would be tosend the web site submitted data to the formatted flat file. That way you could just FTP down to your site securely wheneveryou wanted to.

    Alan Washington

    > Hi ,
    >
    > We have a internal database application which we now need toupdate from a
    > website hosted at an external site.
    >
    > We want users to be able to come to the website and see theirvery latest
    > information. They should be able to update this data and submitit to a
    > holding area before it is checked by an operator and the liverecord
    > updated.
    >
    > What is the best and most secure way to achieve this scenario?
    > How should the website be connected to the internal database?
    >
    > Thanks
    >
    > CMan
    >
    >

    User submitted from AEWNET (http://www.aewnet.com/)
     
    alan.washington, Nov 9, 2004
    #4
  5. CMan

    chanmmn Guest

    http://msdn.microsoft.com/architecture/application/default.aspx

    chanmm

    "CMan" <> wrote in message
    news:%...
    > Hi ,
    >
    > We have a internal database application which we now need to update from a
    > website hosted at an external site.
    >
    > We want users to be able to come to the website and see their very latest
    > information. They should be able to update this data and submit it to a
    > holding area before it is checked by an operator and the live record
    > updated.
    >
    > What is the best and most secure way to achieve this scenario?
    > How should the website be connected to the internal database?
    >
    > Thanks
    >
    > CMan
    >
    >
     
    chanmmn, Nov 9, 2004
    #5
  6. CMan

    CMan Guest

    Thanks everyone,

    So we can make the connection to the database server over SSL? Or do you
    just mean between the web server and browser?
    How do we set this up? Is it a simple SQL Server setting or win2000 network
    setting?

    How does SSL compare to using IPsec?
    Can this all be done securely through win2000 alone or is third party
    software required/preferred?

    Thanks in advance.

    CMan







    "Eliyahu Goldin" <> wrote in message
    news:...
    > If you are in Microsoft environment, you need to publish your database out
    > on your local ISA server. You can allow external access from only one
    > location, which is the webserver. The web server then would connect to the
    > database server by the ISA IP address. If you are going to pass secure

    data
    > between the web and database server, you will want to equip the database
    > server with a SSL certificate.
    >
    > Eliyahu
    >
    > "CMan" <> wrote in message
    > news:%...
    > > Hi ,
    > >
    > > We have a internal database application which we now need to update from

    a
    > > website hosted at an external site.
    > >
    > > We want users to be able to come to the website and see their very

    latest
    > > information. They should be able to update this data and submit it to a
    > > holding area before it is checked by an operator and the live record
    > > updated.
    > >
    > > What is the best and most secure way to achieve this scenario?
    > > How should the website be connected to the internal database?
    > >
    > > Thanks
    > >
    > > CMan
    > >
    > >

    >
    >
     
    CMan, Nov 10, 2004
    #6
  7. Yes, you can make SSL connection between the database server and the
    webserver if you install a SSL certificate on the database server.

    Microsoft document "Building Secure ASP.NET Applications" is a good strating
    point. Can be downloaded from
    http://www.microsoft.com/downloads/...FamilyID=055FF772-97FE-41B8-A58C-BF9C6593F25E

    Eliyahu

    "CMan" <> wrote in message
    news:...
    > Thanks everyone,
    >
    > So we can make the connection to the database server over SSL? Or do you
    > just mean between the web server and browser?
    > How do we set this up? Is it a simple SQL Server setting or win2000

    network
    > setting?
    >
    > How does SSL compare to using IPsec?
    > Can this all be done securely through win2000 alone or is third party
    > software required/preferred?
    >
    > Thanks in advance.
    >
    > CMan
    >
    >
    >
    >
    >
    >
    >
    > "Eliyahu Goldin" <> wrote in message
    > news:...
    > > If you are in Microsoft environment, you need to publish your database

    out
    > > on your local ISA server. You can allow external access from only one
    > > location, which is the webserver. The web server then would connect to

    the
    > > database server by the ISA IP address. If you are going to pass secure

    > data
    > > between the web and database server, you will want to equip the database
    > > server with a SSL certificate.
    > >
    > > Eliyahu
    > >
    > > "CMan" <> wrote in message
    > > news:%...
    > > > Hi ,
    > > >
    > > > We have a internal database application which we now need to update

    from
    > a
    > > > website hosted at an external site.
    > > >
    > > > We want users to be able to come to the website and see their very

    > latest
    > > > information. They should be able to update this data and submit it to

    a
    > > > holding area before it is checked by an operator and the live record
    > > > updated.
    > > >
    > > > What is the best and most secure way to achieve this scenario?
    > > > How should the website be connected to the internal database?
    > > >
    > > > Thanks
    > > >
    > > > CMan
    > > >
    > > >

    > >
    > >

    >
    >
     
    Eliyahu Goldin, Nov 10, 2004
    #7
  8. CMan

    CMan Guest

    Thanks Eliyahu,

    This has been really helpful.

    For this use would there be any problem generating our own certificate>

    CMan



    "Eliyahu Goldin" <> wrote in message
    news:...
    > Yes, you can make SSL connection between the database server and the
    > webserver if you install a SSL certificate on the database server.
    >
    > Microsoft document "Building Secure ASP.NET Applications" is a good

    strating
    > point. Can be downloaded from
    >

    http://www.microsoft.com/downloads/...FamilyID=055FF772-97FE-41B8-A58C-BF9C6593F25E
    >
    > Eliyahu
    >
    > "CMan" <> wrote in message
    > news:...
    > > Thanks everyone,
    > >
    > > So we can make the connection to the database server over SSL? Or do

    you
    > > just mean between the web server and browser?
    > > How do we set this up? Is it a simple SQL Server setting or win2000

    > network
    > > setting?
    > >
    > > How does SSL compare to using IPsec?
    > > Can this all be done securely through win2000 alone or is third party
    > > software required/preferred?
    > >
    > > Thanks in advance.
    > >
    > > CMan
    > >
    > >
    > >
    > >
    > >
    > >
    > >
    > > "Eliyahu Goldin" <> wrote in message
    > > news:...
    > > > If you are in Microsoft environment, you need to publish your database

    > out
    > > > on your local ISA server. You can allow external access from only one
    > > > location, which is the webserver. The web server then would connect to

    > the
    > > > database server by the ISA IP address. If you are going to pass secure

    > > data
    > > > between the web and database server, you will want to equip the

    database
    > > > server with a SSL certificate.
    > > >
    > > > Eliyahu
    > > >
    > > > "CMan" <> wrote in message
    > > > news:%...
    > > > > Hi ,
    > > > >
    > > > > We have a internal database application which we now need to update

    > from
    > > a
    > > > > website hosted at an external site.
    > > > >
    > > > > We want users to be able to come to the website and see their very

    > > latest
    > > > > information. They should be able to update this data and submit it

    to
    > a
    > > > > holding area before it is checked by an operator and the live record
    > > > > updated.
    > > > >
    > > > > What is the best and most secure way to achieve this scenario?
    > > > > How should the website be connected to the internal database?
    > > > >
    > > > > Thanks
    > > > >
    > > > > CMan
    > > > >
    > > > >
    > > >
    > > >

    > >
    > >

    >
    >
     
    CMan, Nov 11, 2004
    #8
  9. Theoretically there should not be any problem. Never did it myself though.

    Eliyahu

    "CMan" <> wrote in message
    news:%23j7vKt%...
    > Thanks Eliyahu,
    >
    > This has been really helpful.
    >
    > For this use would there be any problem generating our own certificate>
    >
    > CMan
    >
    >
    >
    > "Eliyahu Goldin" <> wrote in message
    > news:...
    > > Yes, you can make SSL connection between the database server and the
    > > webserver if you install a SSL certificate on the database server.
    > >
    > > Microsoft document "Building Secure ASP.NET Applications" is a good

    > strating
    > > point. Can be downloaded from
    > >

    >

    http://www.microsoft.com/downloads/...FamilyID=055FF772-97FE-41B8-A58C-BF9C6593F25E
    > >
    > > Eliyahu
    > >
    > > "CMan" <> wrote in message
    > > news:...
    > > > Thanks everyone,
    > > >
    > > > So we can make the connection to the database server over SSL? Or do

    > you
    > > > just mean between the web server and browser?
    > > > How do we set this up? Is it a simple SQL Server setting or win2000

    > > network
    > > > setting?
    > > >
    > > > How does SSL compare to using IPsec?
    > > > Can this all be done securely through win2000 alone or is third party
    > > > software required/preferred?
    > > >
    > > > Thanks in advance.
    > > >
    > > > CMan
    > > >
    > > >
    > > >
    > > >
    > > >
    > > >
    > > >
    > > > "Eliyahu Goldin" <> wrote in message
    > > > news:...
    > > > > If you are in Microsoft environment, you need to publish your

    database
    > > out
    > > > > on your local ISA server. You can allow external access from only

    one
    > > > > location, which is the webserver. The web server then would connect

    to
    > > the
    > > > > database server by the ISA IP address. If you are going to pass

    secure
    > > > data
    > > > > between the web and database server, you will want to equip the

    > database
    > > > > server with a SSL certificate.
    > > > >
    > > > > Eliyahu
    > > > >
    > > > > "CMan" <> wrote in message
    > > > > news:%...
    > > > > > Hi ,
    > > > > >
    > > > > > We have a internal database application which we now need to

    update
    > > from
    > > > a
    > > > > > website hosted at an external site.
    > > > > >
    > > > > > We want users to be able to come to the website and see their very
    > > > latest
    > > > > > information. They should be able to update this data and submit it

    > to
    > > a
    > > > > > holding area before it is checked by an operator and the live

    record
    > > > > > updated.
    > > > > >
    > > > > > What is the best and most secure way to achieve this scenario?
    > > > > > How should the website be connected to the internal database?
    > > > > >
    > > > > > Thanks
    > > > > >
    > > > > > CMan
    > > > > >
    > > > > >
    > > > >
    > > > >
    > > >
    > > >

    > >
    > >

    >
    >
     
    Eliyahu Goldin, Nov 11, 2004
    #9
  10. CMan

    CMan Guest

    Thanks.


    "Eliyahu Goldin" <> wrote in message
    news:u$oZkG$...
    > Theoretically there should not be any problem. Never did it myself though.
    >
    > Eliyahu
    >
    > "CMan" <> wrote in message
    > news:%23j7vKt%...
    > > Thanks Eliyahu,
    > >
    > > This has been really helpful.
    > >
    > > For this use would there be any problem generating our own certificate>
    > >
    > > CMan
    > >
    > >
    > >
    > > "Eliyahu Goldin" <> wrote in message
    > > news:...
    > > > Yes, you can make SSL connection between the database server and the
    > > > webserver if you install a SSL certificate on the database server.
    > > >
    > > > Microsoft document "Building Secure ASP.NET Applications" is a good

    > > strating
    > > > point. Can be downloaded from
    > > >

    > >

    >

    http://www.microsoft.com/downloads/...FamilyID=055FF772-97FE-41B8-A58C-BF9C6593F25E
    > > >
    > > > Eliyahu
    > > >
    > > > "CMan" <> wrote in message
    > > > news:...
    > > > > Thanks everyone,
    > > > >
    > > > > So we can make the connection to the database server over SSL? Or

    do
    > > you
    > > > > just mean between the web server and browser?
    > > > > How do we set this up? Is it a simple SQL Server setting or win2000
    > > > network
    > > > > setting?
    > > > >
    > > > > How does SSL compare to using IPsec?
    > > > > Can this all be done securely through win2000 alone or is third

    party
    > > > > software required/preferred?
    > > > >
    > > > > Thanks in advance.
    > > > >
    > > > > CMan
    > > > >
    > > > >
    > > > >
    > > > >
    > > > >
    > > > >
    > > > >
    > > > > "Eliyahu Goldin" <> wrote in message
    > > > > news:...
    > > > > > If you are in Microsoft environment, you need to publish your

    > database
    > > > out
    > > > > > on your local ISA server. You can allow external access from only

    > one
    > > > > > location, which is the webserver. The web server then would

    connect
    > to
    > > > the
    > > > > > database server by the ISA IP address. If you are going to pass

    > secure
    > > > > data
    > > > > > between the web and database server, you will want to equip the

    > > database
    > > > > > server with a SSL certificate.
    > > > > >
    > > > > > Eliyahu
    > > > > >
    > > > > > "CMan" <> wrote in message
    > > > > > news:%...
    > > > > > > Hi ,
    > > > > > >
    > > > > > > We have a internal database application which we now need to

    > update
    > > > from
    > > > > a
    > > > > > > website hosted at an external site.
    > > > > > >
    > > > > > > We want users to be able to come to the website and see their

    very
    > > > > latest
    > > > > > > information. They should be able to update this data and submit

    it
    > > to
    > > > a
    > > > > > > holding area before it is checked by an operator and the live

    > record
    > > > > > > updated.
    > > > > > >
    > > > > > > What is the best and most secure way to achieve this scenario?
    > > > > > > How should the website be connected to the internal database?
    > > > > > >
    > > > > > > Thanks
    > > > > > >
    > > > > > > CMan
    > > > > > >
    > > > > > >
    > > > > >
    > > > > >
    > > > >
    > > > >
    > > >
    > > >

    > >
    > >

    >
    >
     
    CMan, Nov 11, 2004
    #10
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. anupam
    Replies:
    2
    Views:
    4,463
    Ralf Hildebrandt
    Jan 27, 2006
  2. Plamen Doykov

    Can't access internal class' members in 2.0

    Plamen Doykov, Oct 11, 2005, in forum: ASP .Net
    Replies:
    6
    Views:
    3,044
    Scott Allen
    Oct 12, 2005
  3. Big Charles
    Replies:
    3
    Views:
    321
    Alec MacLean
    Oct 29, 2006
  4. Tony Johansson
    Replies:
    7
    Views:
    519
    Gregory A. Beamer
    Dec 23, 2009
  5. CMan

    Access to internal database

    CMan, Nov 9, 2004, in forum: ASP .Net Security
    Replies:
    8
    Views:
    178
Loading...

Share This Page