access database from internet

Posted on 2005-04-06
Last Modified: 2010-04-17
Considering security cautions, I would like to know how banks, for instance, expose their database to public access.
That is to say, if someone needs to check the status of his bank account through the internet, is he going to access a database server or just a read-only copy of the database located on the web server?

I need to know the concept of exposing a database to public access and how they secure it, for instance using SSL or another method.


Question by:Chuckbuchan
    LVL 6

    Accepted Solution

    Hi Chuckbuchan,

    As with most things there are a few answers to this question.  As far as how the banks expose database functionality to the web I am unsure, however, the development of Web Service technology in the dotNET framework has made Web Services an extremely viable option for performing database operations online.  Plus with the release of WSE (Web Service Enhancements - A group of tools which can be used to apply various security and other enhancements to your Web Services) they have become a very reliable option.  The WS-Security tools in WSE 2.0 concentrate on:

    1. User Authentication (Security Tokens)
    2. Message Integrity (Digital Signing)
    3. Message Security (Encryption)

    For more information on WSE and WS-Security visit:


    Hope this helps.


    Jack Pick
    Total Data Solutions

    Author Comment

    Do you have an idea about a general concept for securing a database exposed to public access, other than dotNet?
    LVL 6

    Expert Comment

    The only other way I have done this is using ASP / HTML and using an SSL certificate to secure the page.  This was before the advent of Web Services, however, and I would now not use any other method.


    Author Comment

    1- You used SSL for the web pages, I guess.

    2- What about the database server? It should be behind a firewall.
    3- Which ports did you open, port 80? Or some additional ports?
    4- The IIS, I believe, is installed on the database server also.

    If you would, just give me some details about the architecture of your database server that's accessed through the internet, before the advent of web services.

    I appreciate it.

    LVL 7

    Assisted Solution

    In my experience, the "physical" layout would be something like:

    DB Server & the rest of the internal network <--> FIREWALL <--> WebServer <--> FIREWALL <-->The Internet

    In this configuration, the webserver is in a protective sandbox.  I would surely use SSL for the clients to connect to the Webserver.  From there, I would suggest only exposing a webservice on the DBserver which will only accept communications from the WebServer and possibly the internal network if the need is there.

    As far as ports, 80 and 443 for HTTP and HTTPS for the WebServer.  If you are super paranoid and have the $$ to spend, I would suggest a dedicated internet connection for the webserver.  Then you could restrict any outbound communications to replies and only allow the web server to communicate with the backend database.
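
The two-firewall layout described in the answer above, written out as first-match, default-deny rule tables and audited against the flows that layout should and should not permit. This is an added example, not part of the original thread; the addresses, the DB web service port (8443) and all names are constructed assumptions, and rules are evaluated for new connections only (replies are assumed to be handled statefully).

```python
import ipaddress

# Constructed sample addresses and port (assumptions, not from the thread).
CLIENT = "198.51.100.7"   # arbitrary internet host
WEB = "192.0.2.10"        # web server in the DMZ
DB = "10.0.0.20"          # DB server on the internal network
DB_SVC_PORT = 8443        # hypothetical port of the web service on the DB server

# Rule = (action, src_cidr, dst_cidr, dst_port). First match wins, default deny.
OUTER = [("allow", "0.0.0.0/0", WEB + "/32", 80),    # Internet <--> WebServer
         ("allow", "0.0.0.0/0", WEB + "/32", 443)]
INNER = [("allow", WEB + "/32", DB + "/32", DB_SVC_PORT)]  # WebServer <--> DB

ORDER = ["internet", "dmz", "internal"]
FIREWALLS = [OUTER, INNER]   # FIREWALLS[i] sits between ORDER[i] and ORDER[i+1]
ZONES = [("dmz", "192.0.2.0/24"), ("internal", "10.0.0.0/8")]

def zone(addr):
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES:
        if ip in ipaddress.ip_network(net):
            return name
    return "internet"

def permits(rules, src, dst, port):
    """Evaluate one firewall: first matching rule decides, otherwise deny."""
    for action, s, d, p in rules:
        if (ipaddress.ip_address(src) in ipaddress.ip_network(s)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(d)
                and p == port):
            return action == "allow"
    return False

def path_permits(src, dst, port):
    """A new connection must pass every firewall between the two zones."""
    a, b = sorted((ORDER.index(zone(src)), ORDER.index(zone(dst))))
    return all(permits(fw, src, dst, port) for fw in FIREWALLS[a:b])

# Intended policy: (src, dst, port, should_be_allowed)
EXPECTED = [
    (CLIENT, WEB, 80, True), (CLIENT, WEB, 443, True),
    (CLIENT, DB, DB_SVC_PORT, False),  # internet never reaches the DB server
    (WEB, DB, DB_SVC_PORT, True),      # only the web service is exposed to the DMZ
    (WEB, DB, 1433, False),            # SQL Server's default port stays closed
    (WEB, "10.0.0.50", 445, False),    # no other internal host is reachable
    (WEB, CLIENT, 25, False),          # web server cannot initiate outbound
]

def audit():
    """Return the flows whose actual result differs from the intended policy."""
    return [(s, d, p) for s, d, p, ok in EXPECTED if path_permits(s, d, p) != ok]
```

An empty list from `audit()` means the rule tables match the intended policy; any tuple returned is a flow that is open when it should be closed, or the reverse.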

    Author Comment

    Do you have any configuration steps in mind to make the DBserver (let's say SQL Server) talk to the webserver, which is in the DMZ according to your graph?

    It's like the webserver forwards queries to the DBserver and the DBserver answers the queries, and those queries need to pass through a firewall, which means configuration of proxies and filters. Could you please explain this to me in detail, since you have done that previously?

    I appreciate it.

