feedback please on asp.net app security scenario

V

Vadim

Hi,

I am wondering if somebody has any opinion if something is wrong with the
described below scenarion, can be improved, etc....
I think is scenario is very good.

Our asp.net app (connects to SQL Server) is installed at a client's site
using from my point of view the most standard way of security configuration:
IIS is configured for windows authentication with Impersonation=True, IIs
machine is installed in DMZ and connects inside firewall to AD and sql
server.
SQL server is also configured to use windows authentication and user
credentials obviously are propagated from IIS.
I heard complains about this scenarion that if a hacker breaks into IIS
machine they can go directly to sql server inside firewall.
Or maybe there are also other threats using this scenario.

Thank you,

Vadim
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,483
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top