Post reply

SQL on the Internet

  • October 2, 2003 at 2:58 am

    #83118

    Hi

    We have done several substantial projects with SQL server 2000 and are now working out an Internet project - to be hosted by an ISP. Need to ramp up knowledge on effective/safe/efficient ways of using SQL. For example, can we replicate between SQL on a web site and SQL on one of our servers (for backup and data security). Can we/should be use encryption for the whole database, etc, etc.

    Any suggestions of where I can turn to find this sort of information would be much appreciated. Good books, MSDN, web sites?

    Thanks

    David

  • October 2, 2003 at 4:04 am

    #476710

    http://www.microsoft.com/technet/prodtechnol/sql/maintain/security/sp3sec

    http://www.microsoft.com/sql/techinfo/administration/2000/security

    http://www.sqlsecurity.com

    --Jonathan

    Edited by - jonathan on 10/02/2003 05:40:09 AM



    --Jonathan

  • October 2, 2003 at 1:41 pm

    #476864

    NGSSoftware have a couple of good papers on sql injection which are worth a read, espically if you are putting a database on the web.

    http://www.nextgenss.com/papers.html

    Steven

  • October 3, 2003 at 2:24 am

    #476923

    Thanks for the posts, Jonathan and Steven.

    I'll check out the references though I'm OK with SQL injection and much of the security stuff. Its the architectural possibilities that I want to explore more fully.

    Any other ideas?

  • October 3, 2003 at 6:16 am

    #476965

    I have done a similar type project where the web server is hosted at the ISP. But the client (and frankly, myself) did not want to put the database on the web server outside of the company. So we created COM+ components (in VB) on an internal server that ASP pages on the ISP server would call, and only the COM components would access the SQL Server.

    Result is database is totally inside and secure. COM server was protected using IP filtering to only allow connection from ISP server, and only using RPC port. Performance is still good because virtually all business logic was in the COM components, the only data outgoing "on the wire" was data to be displayed.

    Just another option that may fit your situation.

    Edited by - mharr on 10/03/2003 06:16:57 AM



    Mark

Viewing 5 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic. Login to reply