What is the best approach for 'indirect' access to secure data.
Posted on 2010-08-24
I have a secure SQL DB that contains user data that is needed for login authentication by a web app. The web app is being developed by a third party, and we do not want to allow their app to authenticate login data with our secure DB directly.
What is the best approach to provide the authentication (verify the user is in our DB) without allowing a direct connection to our server and DB? The only thing I can think of is to develop a Windows 'service' that would run all the time and look for inbound login request packets. Then the 'service' would query the DB and return a 'pass/fail' packet for subsequent pickup by the web app.
I am sure there are a number of approaches, but I can think of only the one.