How do I access an Internal Database from a Web Applicaition in a DMZ?

I am building a web application that will be housed in our company's DMZ.  This web application will need access to data that is housed in an internal SQL Server database.  Can someone tell me what is the appropriate way to access that data?  I want obviously something that is secure, but also as simple as possible to setup and maintain.
tsprksAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

CoyotesITCommented:
You will need to open the ports for SQL through your DMZ

http://support.microsoft.com/kb/287932


0
tsprksAuthor Commented:
Is that considered secure?
0
CoyotesITCommented:
As long as your web application is secure, opening a rule through your firewall should be fine.

You would want to make sure that you are only allowing a 1 to 1

Not knowing your firewall or setup this is just a generic outline

SQL = 10.10.10.100 (inside)

WEB = 192.168.1.20 (dmz)

firewall

10.100.10.100 <-> 192.168.1.20 port 1433

You can change your port on the SQL server, but if you are hosting other DB's on that server inside this would also need to be taken into consideration.

the above is letting your web server communicate with your sql server, but that is it.

very common scenario.


0
tsprksAuthor Commented:
I just want to make sure that I'm following here.  As long as my web application is secure and presumably my server(s) as well, I can open the appropriate port in my firewall to allow only traffic from my web server to my SQL Server and that's considered secure?  Is this the normal way to handle databases that must be accessed internally and externally through web sites?
0
CoyotesITCommented:
Yes this is normal. And as long as your web server is secure, meaning that external to your firewall you only have the ports you need open to it, i.e. 80, 443 and your code is safe from sql injection on your web server you should be safe. Opening the ports to communicate is the mandatory part, you can do a number of other things to secure it, one by making sure the user accessing sql has rights to only do what you need in your application, on the database(s) that you need access to.

The microsoft kb i posted was the typical procedure for doing this.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft SQL Server 2005

From novice to tech pro — start learning today.