Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 236
  • Last Modified:

Allowing websites access to SSL-secured database server

Hi All,

I have a website that uses an MS SQL db on the same box as the website. This site uses SSL, and all is good for now.

However I have someone who would like to build websites that can connect to this database from other servers.

Surely this kind of security concern has come up before? What are some of my options of taking, say, a form submittal, from a website on a different server with a different IP who most likely would not have SSL, and somehow get that to my secure database?

Any suggestions?

Thank you

Bill
0
billium99
Asked:
billium99
2 Solutions
 
Scott Fell, EE MVEDeveloper & EE ModeratorCommented:
Probably the best thing to do is use a webservice/wcf http://blogs.msdn.com/b/ericwhite/archive/2010/05/11/getting-started-building-a-wcf-web-service.aspx

This way you are not directly accessing the db.
0
 
Ted BouskillSenior Software DeveloperCommented:
OK, first off, server side SSL only prevents 3rd parties from reading packets in transit, it does NOT prevent someone else from malicious use of the connection to the database.  Exposing a database port is very dangerous.  If the remote site is penetrated they then have full access to your database.

A web service is just another logical layer without any additional security.  In fact, web services do not offer any security other than what the web server provides!

I'd suggest a secure VPN tunnel from the remote web server to your server and even then provide least privilege access.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now