feedback please on asp.net app security scenario

Discussion in 'ASP .Net Security' started by Vadim, Sep 27, 2007.

  1. Vadim

    Vadim Guest

    Hi,

    I am wondering if somebody has any opinion if something is wrong with the
    described below scenarion, can be improved, etc....
    I think is scenario is very good.

    Our asp.net app (connects to SQL Server) is installed at a client's site
    using from my point of view the most standard way of security configuration:
    IIS is configured for windows authentication with Impersonation=True, IIs
    machine is installed in DMZ and connects inside firewall to AD and sql
    server.
    SQL server is also configured to use windows authentication and user
    credentials obviously are propagated from IIS.
    I heard complains about this scenarion that if a hacker breaks into IIS
    machine they can go directly to sql server inside firewall.
    Or maybe there are also other threats using this scenario.

    Thank you,

    Vadim
    Vadim, Sep 27, 2007
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Annie
    Replies:
    2
    Views:
    1,823
    Annie
    Sep 8, 2005
  2. =?Utf-8?B?a21jY29za2V5?=

    ACCESS AN ACCESS DATABASE FROM ASP.NET INTRANET SCENARIO

    =?Utf-8?B?a21jY29za2V5?=, Apr 24, 2007, in forum: ASP .Net
    Replies:
    7
    Views:
    448
    =?Utf-8?B?a21jY29za2V5?=
    Apr 30, 2007
  3. Belinda
    Replies:
    2
    Views:
    90
    Ravi Gudlavalleti
    Jun 22, 2004
  4. Alex Ayzin

    Best way to implement security scenario

    Alex Ayzin, Nov 16, 2004, in forum: ASP .Net Security
    Replies:
    3
    Views:
    145
    Ken Schaefer
    Nov 23, 2004
  5. kmccoskey
    Replies:
    2
    Views:
    246
    Paul Clement
    Apr 27, 2007
Loading...

Share This Page