Security: ASP.Net + SQL Server DMZ

Discussion in 'ASP .Net Security' started by Tushar Karsan, Jul 18, 2003.

  1. (Been reading other messages on this subject but could not find an answer,
    that is why I'm posting this. Please note, although I have posted to several
    groups, I've set follow-to microsoft.public.sqlserver.security in case I
    posted to where I shouldn't have, sorry if I have).

    I am working on an ASP.Net app that will be in the DMZ and SQL Server will be
    behind the firewall inside a secure zone. It seems as though there are two
    possible methods of securing the DB:

    1. Using integrated security.
    a. This will use Win2K challenge-response mechanism and hence passwords and
    user-id's would not need to be handled in the web app.
    b. This probably means that both ASP.Net and DB would have to be on the same
    windows domain.

    2. Using SQL Server security (do not know if it is the right name)
    a. Connection-string will need to include both uid and pwd.
    b. For security reasons, connection-string will need to be stored away from
    the app in a secure place, probably encrypted.
    c. At runtime the connection-string will need retrieving and decrypting and
    passed as clear text to Open() method on connection.

    It seems as though 2c makes it less secure if network is spoofed hence
    method 1 seems to be the better option, is that correct? If so, port 1433
    would need to be opened between the DMZ to DB zone, in that direction, is
    that correct?

    Any other pointers or suggestions will be much appreciated.

    thanks,
    Tushar
    Tushar Karsan, Jul 18, 2003
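
The two options in the post map to different connection-string keywords, so a deployment check can tell which one a given string uses and whether it carries a password. The following is an added example, not code from the original post: it only parses strings with `DbConnectionStringBuilder` and never connects; the server, database and login names are constructed placeholders, and the `Encrypt` check is an extra assumption about what a reviewer would also want to see.

```csharp
using System;
using System.Data.Common;

static class ConnStringAudit
{
    // Returns the first value present among SqlClient keyword synonyms, or null.
    static string Get(DbConnectionStringBuilder b, params string[] keys)
    {
        foreach (string k in keys)
            if (b.TryGetValue(k, out object v)) return Convert.ToString(v);
        return null;
    }

    // SqlClient accepts true/yes (and SSPI for Integrated Security) as "on".
    static bool IsTrue(string v) =>
        v != null && (v.Equals("true", StringComparison.OrdinalIgnoreCase)
                   || v.Equals("yes", StringComparison.OrdinalIgnoreCase)
                   || v.Equals("sspi", StringComparison.OrdinalIgnoreCase));

    public static string Describe(string connectionString)
    {
        // Generic parser: keyword lookup is case-insensitive, no database access happens.
        var b = new DbConnectionStringBuilder { ConnectionString = connectionString };
        bool integrated = IsTrue(Get(b, "Integrated Security", "Trusted_Connection"));
        bool hasUser = Get(b, "User ID", "uid") != null;
        bool hasPwd = Get(b, "Password", "pwd") != null;
        bool encrypt = IsTrue(Get(b, "Encrypt"));

        string mode = integrated ? "method 1 (integrated security)"
                    : (hasUser || hasPwd) ? "method 2 (SQL Server login)"
                    : "no authentication keywords";
        string secret = hasPwd ? "password embedded in string" : "no password in string";
        return $"{mode}; {secret}; Encrypt={(encrypt ? "on" : "off")}";
    }

    static void Main()
    {
        // Constructed sample strings; every name and value here is a placeholder.
        string[] samples = {
            "Server=db.example.internal;Database=AppDb;Integrated Security=SSPI;Encrypt=True",
            "Server=db.example.internal;Database=AppDb;uid=app_user;pwd=PLACEHOLDER"
        };
        foreach (string s in samples) Console.WriteLine(Describe(s));
    }
}
```

A string that sets both integrated security and a password is reported as method 1 with an embedded password, which flags a leftover credential that should be removed from configuration.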