Solved

Allowing websites access to SSL-secured database server

Posted on 2013-11-10
2
231 Views
Last Modified: 2013-11-14
Hi All,

I have a website that uses an MS SQL db on the same box as the website. This site uses SSL, and all is good for now.

However I have someone who would like to build websites that can connect to this database from other servers.

Surely this kind of security concern has come up before? What are some of my options of taking, say, a form submittal, from a website on a different server with a different IP who most likely would not have SSL, and somehow get that to my secure database?

Any suggestions?

Thank you

Bill
0
Comment
Question by:billium99
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 53

Assisted Solution

by:Scott Fell, EE MVE
Scott Fell,  EE MVE earned 200 total points
ID: 39637719
Probably the best thing to do is use a webservice/wcf http://blogs.msdn.com/b/ericwhite/archive/2010/05/11/getting-started-building-a-wcf-web-service.aspx

This way you are not directly accessing the db.
0
 
LVL 51

Accepted Solution

by:
Ted Bouskill earned 300 total points
ID: 39647065
OK, first off, server side SSL only prevents 3rd parties from reading packets in transit, it does NOT prevent someone else from malicious use of the connection to the database.  Exposing a database port is very dangerous.  If the remote site is penetrated they then have full access to your database.

A web service is just another logical layer without any additional security.  In fact, web services do not offer any security other than what the web server provides!

I'd suggest a secure VPN tunnel from the remote web server to your server and even then provide least privilege access.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently decide that I needed a way to make my pages scream on the net.   While searching around how I can accomplish this I stumbled across a great article that stated "minimize the server requests." I got to thinking, hey, I use more than one…
I have helped a lot of people on EE with their coding sources and have enjoyed near about every minute of it. Sometimes it can get a little tedious but it is always a challenge and the one thing that I always say is:   The Exchange of informatio…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question