I have an application, SchoolPro, that runs on a server and uses .NET to allow the client computers to interact with the application. SchoolPro runs with a SQL backend and uses no PHP or SQL in the interaction between server and client. I am being told it is safe to poke a hole in the firewall and allow HTTPS connections from the internet to this server. I thought putting the SchoolPro server in a DMZ would be needed to ensure a level of security and damage control should something be hacked.
What are your thoughts on the security of the proposed setup, why and why not?
Thanks for your thoughts.