R
Rob
What is the best way to safely access a companies ERP data (SQL server) from
a website that is hosted outside the firewall ?
a website that is hosted outside the firewall ?
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
J
John Timney \(MVP\)
There are lots of approaches like secured web services fronting SQL and
secured broker services. Ideally, your firewall team should be able to
harden the connection so that the only device that can access SQL is the
actual web server. I'm assuming here its your SQL server!
Regards
John Timney (MVP)
http://www.johntimney.com
http://www.johntimney.com/blog
secured broker services. Ideally, your firewall team should be able to
harden the connection so that the only device that can access SQL is the
actual web server. I'm assuming here its your SQL server!
Regards
John Timney (MVP)
http://www.johntimney.com
http://www.johntimney.com/blog
R
Rob
Thanks John,
Where might I get info on these approaches ?
Also, I guess I am asking from a coding standpoint and I guess it would
probably be linked to the approach above, but... might I use stored
procedures ? or web services ?
Which would be more likely given that 2 different entities are involved
(company using the service / web hosting company) ?
Where might I get info on these approaches ?
Also, I guess I am asking from a coding standpoint and I guess it would
probably be linked to the approach above, but... might I use stored
procedures ? or web services ?
Which would be more likely given that 2 different entities are involved
(company using the service / web hosting company) ?
S
Scott Roberts
Stored procs still means you have to give outside access to the SQL Server.
I'm not a security guru, but I would think that something like this would be
best:
Hosted Site -> Firewall -> Internal IIS (Web Services) -> SQL Server
Obviously, the internal IIS and SQL Server should be on different machines.
You may also want to put yet another firewall between your internal IIS and
SQL Server (or put IIS in the DMZ if your firewall/router supports it).
Keep that DB away from the outside world!
I'm not a security guru, but I would think that something like this would be
best:
Hosted Site -> Firewall -> Internal IIS (Web Services) -> SQL Server
Obviously, the internal IIS and SQL Server should be on different machines.
You may also want to put yet another firewall between your internal IIS and
SQL Server (or put IIS in the DMZ if your firewall/router supports it).
Keep that DB away from the outside world!
R
Rob
Thanks, so would that mean Web services would be the way to go ?
J
John Timney \(MVP\)
If you use web services, then you only expose some webservice methods that
can access SQL server, whihc themselves can call stored procs - but there is
at least no direct access to SQL, which is more secure and can be done over
SSL.
Regards
John Timney (MVP)
http://www.johntimney.com
http://www.johntimney.com/blog
can access SQL server, whihc themselves can call stored procs - but there is
at least no direct access to SQL, which is more secure and can be done over
SSL.
Regards
John Timney (MVP)
http://www.johntimney.com
http://www.johntimney.com/blog