Solved

Secure open port SQL server linked to Access Project Database file (ADP)

Posted on 2010-08-25
2
289 Views
Last Modified: 2012-05-10
Hi Guys,

I have a dedicated windows web server hosted by oneandone.co.uk
I've installed SQL server express and have an Access Project Database connected to the SQL database remotely, It all works suprisingly well across the open internet.
Obviously I'm concerned about the security aspect. I have it currently set so the user has to enter their Username and Password to login to the Database. Are there other ways of making it more secure by possibly tying it to the users mac address or some other method. I can't use an IP address because most users will not have a fixed IP address. I can set a different port number instead of the default 1433 but it is still an open port.

Any suggestions greatly received.
0
Comment
Question by:dataflowjoe
2 Comments
 
LVL 77

Accepted Solution

by:
arnold earned 500 total points
ID: 33527490
The two can not be tied in.  The application SQL has no way of knowing what the MAC address of the remote user given that that packet travels through multiple routers and gets assembled by the networking driver of the OS.

A way to secure it is by controlling access.  I.e. configure firewall to limit who can connect to the port.  The other option is to use secure/encrypted socket and require the remote users have a certificate that your server will recognize.

The best way is to setup a web page/ASP that the users can use to access their data.  Adding logic into the web page that will lock out failed requests from the same source based on IP which is present in the HTTP headers and is passed to the web based application by the web server.

No matter which option you take, you still have an open port through which attempts to gain access will be made.
0
 
LVL 2

Author Closing Comment

by:dataflowjoe
ID: 33529002
Thanks for your reply , I've decided to use a VPN solution now.
0

Featured Post

Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Introduction A frequently used term in Object-Oriented design is "SOLID" which is a mnemonic acronym that covers five principles of OO design.  These principles do not stand alone; there is interplay among them.  And they are not laws, merely princ…
Phishing attempts can come in all forms, shapes and sizes. No matter how familiar you think you are with them, always remember to take extra precaution when opening an email with attachments or links.
Learn how to set-up custom confirmation messages to users who complete your Wufoo form. Include inputs from fields in your form, webpage redirects, and more with Wufoo’s confirmation options.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question