
access database from internet

Posted on 2005-04-06
Last Modified: 2010-04-17
Considering security cautions, I would like to know how the banks, for instance, expose their database to public access.
That is to say, if someone needs to check the status of his bank account through the internet, is he going to access a database server or just a read-only copy of the database located on the web server?

I need to know the concept of exposing a database to public access and how they secure it, for instance using SSL or another method.

Thanks

0
Question by:Chuckbuchan
6 Comments
 
LVL 6

Accepted Solution

by:
TDSnet earned 540 total points
ID: 13723127
Hi Chuckbuchan,

As with most things there are a few answers to this question. As far as how the banks expose database functionality to the web, I am unsure; however, the development of Web Service technology in the dotNET framework has made Web Services an extremely viable option for performing database operations online. Plus, with the release of WSE (Web Service Enhancements, a group of tools which can be used to apply various security and other enhancements to your Web Services), they have become a very reliable option. The WS-Security tools in WSE 2.0 concentrate on:

1. User Authentication (Security Tokens)
2. Message Integrity (Digital Signing)
3. Message Security (Encryption)

For more information on WSE and WS-Security visit:

http://msdn.microsoft.com/webservices/building/wse/

and

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnglobspec/html/ws-security.asp

Hope this helps.

Cheers,

Jack Pick
Total Data Solutions
0
 

Author Comment

by:Chuckbuchan
ID: 13723254
Do you have an idea about a general concept in securing a database exposed to public access, other than dotNet?
0
 
LVL 6

Expert Comment

by:TDSnet
ID: 13723654
The only other way I have done this is using ASP / HTML and using an SSL certificate to secure the page. This was before the advent of Web Services, however, and I would now not use any other method.

Jack
0

 

Author Comment

by:Chuckbuchan
ID: 13729194
1. You used SSL for the web pages, I guess.
2. What about the database server? It should be behind a firewall.
3. Which ports did you open, port 80? Or some additional ports?
4. The IIS, I believe, is installed on the database server also.

If you would just give me some details about the architecture of your database server that's accessed through the internet, before the advent of web services.

I appreciate it.



0
 
LVL 7

Assisted Solution

by:jacobhoover
jacobhoover earned 210 total points
ID: 13730995
In my experience, the "physical" layout would be something like:

DB Server & the rest of the internal network <--> FIREWALL <--> WebServer <--> FIREWALL <-->The Internet

In this configuration, the webserver is in a protective sandbox.  I would surely use SSL for the clients to connect to the Webserver.  From there, I would suggest only exposing a webservice on the DBserver which will only accept communications from the WebServer and possibly the internal network if the need is there.

As far as ports, 80 and 443 for HTTP and HTTPS for the WebServer.  If you are super paranoid and have the $$ to spend, I would suggest a dedicated internet connection for the webserver.  Then you could restrict any outbound communications to replies and only allow the web server to communicate with the backend database.
0
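The two-firewall layout described in the answer above, modelled as default-deny rule lists with a check that each intended flow is allowed or blocked. This is an added example, not part of any post in the thread; the IP addresses, the client address, and port 8443 for the web service on the DB server are constructed assumptions.

```python
import ipaddress

# Constructed addressing and port: assumptions for illustration, not from the thread.
WEB = "192.0.2.10"       # web server in the DMZ
DB = "10.0.0.20"         # database server on the internal network
CLIENT = "198.51.100.7"  # some Internet client
DB_SVC_PORT = 8443       # hypothetical port of the web service on the DB server

# Rule = (source network, destination network, destination port).
# Both firewalls are default deny: a new connection passes only if a rule matches.
OUTER_FW = [("0.0.0.0/0", WEB + "/32", 80), ("0.0.0.0/0", WEB + "/32", 443)]
INNER_FW = [(WEB + "/32", DB + "/32", DB_SVC_PORT)]

def permits(rules, src, dst, port):
    """True if any allow rule matches this new connection (replies are stateful)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in ipaddress.ip_network(sn) and d in ipaddress.ip_network(dn)
               and port == p for sn, dn, p in rules)

def zone(ip):
    if ipaddress.ip_address(ip) in ipaddress.ip_network("10.0.0.0/8"):
        return "internal"
    return "dmz" if ip == WEB else "internet"

def reachable(src, dst, port):
    """Apply every firewall that sits on the path between the two zones."""
    zones = {zone(src), zone(dst)}
    if len(zones) == 1:
        return True  # same zone, no firewall crossed
    crossed = []
    if "internet" in zones:
        crossed.append(OUTER_FW)
    if "internal" in zones:
        crossed.append(INNER_FW)
    return all(permits(fw, src, dst, port) for fw in crossed)

# Flows the layout is meant to allow or block, with the expected outcome.
EXPECTED = [
    (CLIENT, WEB, 443, True), (CLIENT, WEB, 80, True),
    (CLIENT, DB, DB_SVC_PORT, False),  # Internet never reaches the DB directly
    (CLIENT, WEB, 1433, False),        # SQL Server default port not exposed
    (WEB, DB, DB_SVC_PORT, True),      # only the web service is reachable
    (WEB, DB, 1433, False),
    (WEB, CLIENT, 443, False),         # web server opens no outbound connections
    (DB, CLIENT, 443, False),
]

def audit():
    """Return the flows whose actual result differs from the intended one."""
    return [f for f in EXPECTED if reachable(*f[:3]) != f[3]]
```

An empty list from `audit()` means the rule set matches the intended layout; any rule added later that widens access shows up as a listed flow.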
 

Author Comment

by:Chuckbuchan
ID: 13731584
Do you have any configuration steps in mind to make the DBserver (let's say SQL Server) talk to the webserver, which is in the DMZ according to your graph?

It's like the webserver forwards queries to the DBserver and the DBserver answers the queries, and those queries need to pass through a firewall, which means configuration of proxies and filters. Could you please explain this to me in detail, since you have done that previously?

I appreciate it.


0
