Stephen Forero

Security Concern using restful webservice, sql, port forwarding

Afternoon All,

I have a project that I am trying to accomplish.  Goal being, have my iPhone run stored procedures from a SQL database from outside the network.

As I am very new to this I am trying to put together all the pieces conceptually.

From researching and asking around so far I have implemented the following:

A. On my home pc, I set up a Restful WCF service.  I've been reading about rest services and don't quite understand the difference but that seems to be what is recommended a lot.

B.  Then I have it hosted using IIS.  From what I understand on this, you have to host the webservice somehow, so this is what I am using.  Correct me if I am wrong, but IIS gives others the ability to SEE/ACCESS this webservice.

C.  Right now it works INSIDE my home network.  All I have set up now is a standard, user types in an http address, like "www.192.xxx.xxx.xx/mywebservice/custommessagegoeshere"
Then the service returns a message like YOU HAVE RETURNED custommessagegoeshere.

D.  Next step will be to return data from a local SQL stored procedure, and return that data in xml or json format.

Question #1
Will I be able to Run stored procedures using a http GET or POST like I am using so far in my very standard message above?

Question #2
Eventually when this project is complete I will host on a site like godaddy or something like that.  But until then I will have this hosted on my home computer, and goal being able to access from outside my home network.
So... to accomplish having outside users access this local webservice.  I think I need to do PORTFORWARDING.  I'm still trying to learn about this, but I think anytime my router gets a request at X port, it forwards to my webservice.
- Is this correct?  Is port forwarding what I should use?
- Is this safe?  By using a port forwarding am I opening up my home pc to the world?  Can hackers ruin my home pc doing this?

Sorry for the long post.
WCF, Microsoft SQL Server, Internet Protocols


8/22/2022 - Mon
David Johnson, CD

Every time you open a port for unsolicited inbound yes you are reducing your security.  But if the only thing that is using that port is the restful service then that is the only attack vector.

If you want to never get malware or have security issues, remove the hard drive and never turn on the computer.. this isn't very practical.. sometimes you need to get something done, so you make allowances for it.

So you add authentication to the web service.. so that people hit the logon prompt and not have a clue what the heck is behind the login.  You don't have to expose the sql server database to the world.. keep its connections behind the router. I.e., if you have to open port 1433 only allow it within your subnet
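
One way to apply this advice in a WCF REST service like the asker's, as an added example that is not part of the thread: the operation authenticates first, then calls one fixed stored procedure over a local connection, so only the web port is ever forwarded. The service name, the `X-Api-Key` header, the `ORDER_API_KEY` variable, the database and the procedure name are hypothetical, and the service is assumed to be hosted with `webHttpBinding` over HTTPS.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;
using System.Net;
using System.ServiceModel;
using System.ServiceModel.Web;

// Hypothetical names: OrderService, X-Api-Key, ORDER_API_KEY, MyDb, dbo.GetOrdersForCustomer.
[ServiceContract]
public class OrderService
{
    // Shared secret provisioned out of band. If it is unset, every request is rejected.
    private static readonly string ApiKey = Environment.GetEnvironmentVariable("ORDER_API_KEY");
    // SQL Server is reached on the same machine, so port 1433 is never forwarded.
    private const string ConnStr = "Server=localhost;Database=MyDb;Integrated Security=true";

    [OperationContract]
    [WebGet(UriTemplate = "orders/{customerId}", ResponseFormat = WebMessageFormat.Json)]
    public List<string> GetOrders(string customerId)
    {
        // 1. Authenticate before touching the database. Assumes an HTTPS binding in IIS;
        //    over plain HTTP the key would travel in cleartext.
        string presented = WebOperationContext.Current.IncomingRequest.Headers["X-Api-Key"];
        if (!FixedTimeEquals(presented, ApiKey)) throw new WebFaultException(HttpStatusCode.Unauthorized);

        // 2. Validate the URL segment. The caller never chooses the procedure or any SQL text.
        int id;
        if (!int.TryParse(customerId, out id)) throw new WebFaultException(HttpStatusCode.BadRequest);

        // 3. Call one fixed stored procedure with a typed parameter.
        var rows = new List<string>();
        using (var conn = new SqlConnection(ConnStr))
        using (var cmd = new SqlCommand("dbo.GetOrdersForCustomer", conn))
        {
            cmd.CommandType = CommandType.StoredProcedure;
            cmd.Parameters.Add("@CustomerId", SqlDbType.Int).Value = id;
            conn.Open();
            using (var reader = cmd.ExecuteReader())
                while (reader.Read())
                    rows.Add(Convert.ToString(reader[0])); // first column of each row
        }
        return rows;
    }

    // Length-checked comparison that does not exit early on the first differing character.
    private static bool FixedTimeEquals(string a, string b)
    {
        if (a == null || b == null || a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```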
SOLUTION
Aaron Tomosky

Ray Paseur

No points for this, please.  Just a couple of links that might be useful.

// COMMONLY USED PORT NUMBERS
// SEE: http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml (SLOW TO LOAD)
// SEE: http://browntips.com/cpanel-and-whm-port-numbers/
Stephen Forero

ASKER
thanks for the help everyone

ve3ofa,
"So you add authentication to the web service.. so that people hit the logon prompt and not have a clue what the heck is behind the login.  You don't have to expose the sql server database to the world.. keep its connections behind the router. I.e., if you have to open port 1433 only allow it within your subnet"

sorry for my ignorance... so if I use port forwarding... anyone who tries to access my IP address with that port, hits my webservice ONLY?  that's the part I'm confused about.  meaning, when I use port forwarding and it forwards, can an outside user hit my pc, or they ONLY see a webservice?  What does that mean "keep its connections behind a router"?

aaron,
"Your website connects to SQL on 1433 but your phone connects to your web service on port 80 like the rest of the web (you can change it to anything you want though). So you reach your computer from your phone not in your wifi, you need to forward port 80 on your router to your pc. (Or whatever port you choose) then use your external ip from your phone. Find this by going to whatismyip.com on your computer"
This part I think I understand... webservice connecting to SQL on 1433... and my phone will connect to webservice on port 80.
I guess the main thing I just want to make sure is, when I open that port 80, will an internet user ONLY see the webservice... or can they hack my pc.

And again, I understand I cannot be 100% secure... I just mean whatever the norm is for security.  Don't want to be completely open.

Sorry for the repetitiveness
Aaron Tomosky

They should only see the web service. However hacking IS a process in which people try to get access to things they don't have access to.
For your situation it's fine. If you want to be extra careful you can run your web server on a non-standard port like 8010 or something
Stephen Forero

ASKER
thank you... I believe that answers my main concern.  appreciate the help
Stephen Forero

ASKER
thanks... so adding authentication to the webservice and using a non-standard port should be enough for my mere webservice.

thanks guys