Solved

Allowing websites access to SSL-secured database server

Posted on 2013-11-10
2
227 Views
Last Modified: 2013-11-14
Hi All,

I have a website that uses an MS SQL db on the same box as the website. This site uses SSL, and all is good for now.

However I have someone who would like to build websites that can connect to this database from other servers.

Surely this kind of security concern has come up before? What are some of my options of taking, say, a form submittal, from a website on a different server with a different IP who most likely would not have SSL, and somehow get that to my secure database?

Any suggestions?

Thank you

Bill
0
Comment
Question by:billium99
2 Comments
 
LVL 52

Assisted Solution

by:Scott Fell, EE MVE
Scott Fell,  EE MVE earned 200 total points
ID: 39637719
Probably the best thing to do is use a webservice/wcf http://blogs.msdn.com/b/ericwhite/archive/2010/05/11/getting-started-building-a-wcf-web-service.aspx

This way you are not directly accessing the db.
0
 
LVL 51

Accepted Solution

by:
Ted Bouskill earned 300 total points
ID: 39647065
OK, first off, server side SSL only prevents 3rd parties from reading packets in transit, it does NOT prevent someone else from malicious use of the connection to the database.  Exposing a database port is very dangerous.  If the remote site is penetrated they then have full access to your database.

A web service is just another logical layer without any additional security.  In fact, web services do not offer any security other than what the web server provides!

I'd suggest a secure VPN tunnel from the remote web server to your server and even then provide least privilege access.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
HTML in email body has extra  tick marks 3 87
Generate report pulling data (links) from three tables 31 66
Using querystring in a hyperlink 3 55
ASP/VB email question 4 46
I have helped a lot of people on EE with their coding sources and have enjoyed near about every minute of it. Sometimes it can get a little tedious but it is always a challenge and the one thing that I always say is:  The Exchange of information …
This demonstration started out as a follow up to some recently posted questions on the subject of logging in: http://www.experts-exchange.com/Programming/Languages/Scripting/JavaScript/Q_28634665.html and http://www.experts-exchange.com/Programming/…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

792 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question