  • Status: Solved
  • Priority: Medium
  • Security: Public

How do I access an Internal Database from a Web Application in a DMZ?

I am building a web application that will be housed in our company's DMZ. This web application will need access to data that is housed in an internal SQL Server database. Can someone tell me what is the appropriate way to access that data? I want obviously something that is secure, but also as simple as possible to set up and maintain.
0
tsprks
Asked:
1 Solution
 
CoyotesIT Commented:
You will need to open the ports for SQL through your DMZ.

http://support.microsoft.com/kb/287932


0
 
tsprks (Author) Commented:
Is that considered secure?
0
 
CoyotesIT Commented:
As long as your web application is secure, opening a rule through your firewall should be fine.

You would want to make sure that you are only allowing a 1 to 1

Not knowing your firewall or setup, this is just a generic outline.

SQL = 10.10.10.100 (inside)

WEB = 192.168.1.20 (dmz)

firewall

10.10.10.100 <-> 192.168.1.20 port 1433

You can change your port on the SQL server, but if you are hosting other DBs on that server inside, this would also need to be taken into consideration.

The above is letting your web server communicate with your SQL server, but that is it.

Very common scenario.


0
 
tsprks (Author) Commented:
I just want to make sure that I'm following here.  As long as my web application is secure and presumably my server(s) as well, I can open the appropriate port in my firewall to allow only traffic from my web server to my SQL Server and that's considered secure?  Is this the normal way to handle databases that must be accessed internally and externally through web sites?
0
 
CoyotesIT Commented:
Yes, this is normal. And as long as your web server is secure, meaning that external to your firewall you only have the ports you need open to it, i.e. 80, 443, and your code is safe from SQL injection on your web server, you should be safe. Opening the ports to communicate is the mandatory part; you can do a number of other things to secure it, one by making sure the user accessing SQL has rights to only do what you need in your application, on the database(s) that you need access to.

The Microsoft KB I posted was the typical procedure for doing this.
0
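
The 1-to-1 rule outlined in the thread can be checked mechanically. The following is an added example, not code from the thread or from any firewall product: it audits a constructed rule list and flags any allow rule that lets DMZ addresses reach the inside network beyond the single web-server-to-SQL-Server TCP 1433 flow. The rule tuple format, the `audit` and `parse_ports` functions and the /24 network ranges are assumptions; the two host addresses come from the outline above.

```python
import ipaddress

# Host addresses from the thread's outline; the /24 ranges are assumptions.
SQL_HOST = ipaddress.ip_address("10.10.10.100")     # inside
WEB_HOST = ipaddress.ip_address("192.168.1.20")     # dmz
INSIDE_NET = ipaddress.ip_network("10.10.10.0/24")  # assumed inside range
DMZ_NET = ipaddress.ip_network("192.168.1.0/24")    # assumed DMZ range
SQL_PORT = 1433

def parse_ports(spec):
    """Return (low, high) for 'any', '1433' or '1000-2000'."""
    if spec == "any":
        return 0, 65535
    low, _, high = spec.partition("-")
    return int(low), int(high or low)

def audit(rules):
    """Flag allow rules exposing inside hosts to the DMZ beyond WEB -> SQL:1433.
    Rules are hypothetical (action, src, dst, proto, ports) tuples; 'any' or CIDR."""
    findings = []
    for idx, (action, src, dst, proto, ports) in enumerate(rules):
        if action != "allow":
            continue
        src_net = ipaddress.ip_network("0.0.0.0/0" if src == "any" else src)
        dst_net = ipaddress.ip_network("0.0.0.0/0" if dst == "any" else dst)
        # Only rules that let some DMZ address reach some inside address matter.
        if not (src_net.overlaps(DMZ_NET) and dst_net.overlaps(INSIDE_NET)):
            continue
        low, high = parse_ports(ports)
        exact = (src_net.num_addresses == 1 and src_net.network_address == WEB_HOST
                 and dst_net.num_addresses == 1 and dst_net.network_address == SQL_HOST
                 and proto == "tcp" and (low, high) == (SQL_PORT, SQL_PORT))
        if not exact:
            findings.append((idx, f"{src} -> {dst} {proto}/{ports} is broader than "
                                  f"{WEB_HOST} -> {SQL_HOST} tcp/{SQL_PORT}"))
    return findings

# Constructed sample rule set (not taken from any real firewall).
SAMPLE_RULES = [
    ("allow", "any", "192.168.1.20/32", "tcp", "443"),               # internet -> web
    ("allow", "192.168.1.20/32", "10.10.10.100/32", "tcp", "1433"),  # intended 1-to-1
    ("allow", "192.168.1.0/24", "10.10.10.100/32", "tcp", "1433"),   # whole DMZ -> SQL
    ("allow", "192.168.1.20/32", "10.10.10.0/24", "tcp", "any"),     # web -> all inside
    ("deny", "any", "any", "any", "any"),
]

if __name__ == "__main__":
    for idx, msg in audit(SAMPLE_RULES):
        print(f"rule {idx}: {msg}")
```

Run against the sample set, only the whole-DMZ rule and the web-to-all-inside rule are reported; the intended host-to-host rule passes.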