How do I access an Internal Database from a Web Application in a DMZ?

I am building a web application that will be housed in our company's DMZ.  This web application will need access to data that is housed in an internal SQL Server database.  Can someone tell me what is the appropriate way to access that data?  I obviously want something that is secure, but also as simple as possible to set up and maintain.
tsprks Asked:
 
CoyotesIT Commented:
Yes, this is normal. As long as your web server is secure, meaning that external to your firewall you only have the ports you need open to it (i.e. 80, 443), and your code is safe from SQL injection on your web server, you should be safe. Opening the ports to communicate is the mandatory part; you can do a number of other things to secure it, one being to make sure the user accessing SQL has rights to do only what you need in your application, on the database(s) that you need access to.

The Microsoft KB I posted was the typical procedure for doing this.
0
 
CoyotesIT Commented:
You will need to open the ports for SQL through your DMZ.

http://support.microsoft.com/kb/287932


0
 
tsprks (Author) Commented:
Is that considered secure?
0
 
CoyotesIT Commented:
As long as your web application is secure, opening a rule through your firewall should be fine.

You would want to make sure that you are only allowing a 1 to 1

Not knowing your firewall or setup, this is just a generic outline:

SQL = 10.10.10.100 (inside)

WEB = 192.168.1.20 (dmz)

firewall

10.10.10.100 <-> 192.168.1.20 port 1433

You can change your port on the SQL server, but if you are hosting other DBs on that server inside, this would also need to be taken into consideration.

The above is letting your web server communicate with your SQL server, but that is it.

Very common scenario.


0
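
An added example, not part of the original thread: a small audit of a firewall rule set against the "1 to 1" outline in the comment above (web server 192.168.1.20 to SQL server 10.10.10.100 on port 1433 only). The /24 ranges for the DMZ and inside networks, the rule tuple format and the sample rules are assumptions constructed for illustration.

```python
import ipaddress

# Host addresses come from the outline in the post; the /24 ranges are assumed.
SQL_HOST = ipaddress.ip_network("10.10.10.100/32")
WEB_HOST = ipaddress.ip_network("192.168.1.20/32")
INSIDE_NET = ipaddress.ip_network("10.10.10.0/24")   # assumed internal range
DMZ_NET = ipaddress.ip_network("192.168.1.0/24")     # assumed DMZ range
SQL_PORT = 1433

def parse_ports(spec):
    # Accepts "any", a single port ("1433") or a range ("1024-2000").
    if spec == "any":
        return (0, 65535)
    low, _, high = spec.partition("-")
    return (int(low), int(high or low))

def to_net(spec):
    return ipaddress.ip_network("0.0.0.0/0" if spec == "any" else spec)

def audit(rules):
    """Flag allow rules that open DMZ -> inside beyond web -> SQL on 1433."""
    findings = []
    for name, action, src, dst, ports in rules:
        if action != "allow":
            continue
        src_net, dst_net = to_net(src), to_net(dst)
        # Only rules that can carry DMZ -> inside traffic are in scope.
        if not (src_net.overlaps(DMZ_NET) and dst_net.overlaps(INSIDE_NET)):
            continue
        problems = []
        if src_net != WEB_HOST:
            problems.append("source is not exactly the web server")
        if dst_net != SQL_HOST:
            problems.append("destination is not exactly the SQL server")
        if parse_ports(ports) != (SQL_PORT, SQL_PORT):
            problems.append("ports other than 1433 allowed")
        if problems:
            findings.append((name, problems))
    return findings

# Constructed sample rule set (not taken from any real firewall export).
SAMPLE_RULES = [
    ("web-to-sql", "allow", "192.168.1.20/32", "10.10.10.100/32", "1433"),
    ("dmz-to-inside", "allow", "192.168.1.0/24", "10.10.10.0/24", "1433"),
    ("web-any-port", "allow", "192.168.1.20/32", "10.10.10.100/32", "any"),
    ("internet-to-web", "allow", "any", "192.168.1.20/32", "443"),
    ("default-deny", "deny", "any", "any", "any"),
]

if __name__ == "__main__":
    for name, problems in audit(SAMPLE_RULES):
        print(f"{name}: {', '.join(problems)}")
```
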
 
tsprks (Author) Commented:
I just want to make sure that I'm following here.  As long as my web application is secure and presumably my server(s) as well, I can open the appropriate port in my firewall to allow only traffic from my web server to my SQL Server and that's considered secure?  Is this the normal way to handle databases that must be accessed internally and externally through web sites?
0
Question has a verified solution.