humer2000
asked on
seting adress of SQL server to localhost or 127.0.0.1
Hi Experts
I have 2 servers, one (A) for asp application, the other (B) for sql server
when i connect A to B i use a SQL connection string suck like :
GetConnection = "DRIVER={SQL Server}; Server=IP ADDRESS; Database=xxxxx; UID=yyyyyyy; PWD=zzzzzz"
The problem is revealing the IP in the connection string makes my server unsecure
I would like to set a connection string like that
GetConnection = "DRIVER={SQL Server}; Server=127.0.0.1; Database=xxxxx; UID=yyyyyyy; PWD=zzzzzz"
Knowing that 127.0.0.1 is the local host addresse of server A, how can i make it point to SQL server B
Thx
I have 2 servers, one (A) for asp application, the other (B) for sql server
when i connect A to B i use a SQL connection string suck like :
GetConnection = "DRIVER={SQL Server}; Server=IP ADDRESS; Database=xxxxx; UID=yyyyyyy; PWD=zzzzzz"
The problem is revealing the IP in the connection string makes my server unsecure
I would like to set a connection string like that
GetConnection = "DRIVER={SQL Server}; Server=127.0.0.1; Database=xxxxx; UID=yyyyyyy; PWD=zzzzzz"
Knowing that 127.0.0.1 is the local host addresse of server A, how can i make it point to SQL server B
Thx
ASKER
i want to use this method because my old ISP was using it and it works.
This method allows connection to SQL server only by members of the network (Servers)
Preventing people from connecting to SQL directly from their PC
This method allows connection to SQL server only by members of the network (Servers)
Preventing people from connecting to SQL directly from their PC
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
![Avatar of Guy Hengel [angelIII / a3]](https://filedb.experts-exchange.com/files/public/2013/11/25/ddbe0ea6-aa6e-4279-b781-57b735dd3ea0.jpeg){kind=small}
>i want to use this method because my old ISP was using it and it works.
it will ONLY work if the web server and the sql server are on the same computer, otherwise it cannot work.
127.0.0.1 is a reserved ip address that means "myself" for the computer.
usually, an entry in the hosts files resolved localhost to that ip address, but that is not necessary.
as hbz noted, you need to use a IP address or Name of a server, where you can play with the hosts file
usuaally, the web server is in a DMZ, while the sql server is behind the DMZ (if you don't know what it is, ask a network admin: DMZ is a De-Militarized Zone, special term in networking)
and a firewall that explicitely opens the route between the web server and the sql server for only those ports that the sql server will need (usually 1, and the port is configurable).
it will ONLY work if the web server and the sql server are on the same computer, otherwise it cannot work.
127.0.0.1 is a reserved ip address that means "myself" for the computer.
usually, an entry in the hosts files resolved localhost to that ip address, but that is not necessary.
as hbz noted, you need to use a IP address or Name of a server, where you can play with the hosts file
usuaally, the web server is in a DMZ, while the sql server is behind the DMZ (if you don't know what it is, ask a network admin: DMZ is a De-Militarized Zone, special term in networking)
and a firewall that explicitely opens the route between the web server and the sql server for only those ports that the sql server will need (usually 1, and the port is configurable).
ASKER
Hi hbz
i have follwoed solution 1, Seting up a DSN on my application server
and it works fine
thx
i have follwoed solution 1, Seting up a DSN on my application server
and it works fine
thx
Why don't you encrypt the connection string, and decrypt it before you use it?
If you are using ASP.NET, there are many ways to do this in the web.config
http://www.codersource.net/asp_net_security_connection_string.aspx
http://gridviewguy.com/ArticleDetails.aspx?articleID=143
If you are using classic ASP and VB (in a dll) there are literally hundreds of examples on the internet on how to do this.
If you are not using a dll, create one - storing the logic for encryption/decryption in the page would be a really bad idea.
Cheers
Night