Solved

Allowing websites access to SSL-secured database server

Posted on 2013-11-10
2
223 Views
Last Modified: 2013-11-14
Hi All,

I have a website that uses an MS SQL db on the same box as the website. This site uses SSL, and all is good for now.

However I have someone who would like to build websites that can connect to this database from other servers.

Surely this kind of security concern has come up before? What are some of my options of taking, say, a form submittal, from a website on a different server with a different IP who most likely would not have SSL, and somehow get that to my secure database?

Any suggestions?

Thank you

Bill
0
Comment
Question by:billium99
2 Comments
 
LVL 52

Assisted Solution

by:Scott Fell, EE MVE
Scott Fell,  EE MVE earned 200 total points
Comment Utility
Probably the best thing to do is use a webservice/wcf http://blogs.msdn.com/b/ericwhite/archive/2010/05/11/getting-started-building-a-wcf-web-service.aspx

This way you are not directly accessing the db.
0
 
LVL 51

Accepted Solution

by:
tedbilly earned 300 total points
Comment Utility
OK, first off, server side SSL only prevents 3rd parties from reading packets in transit, it does NOT prevent someone else from malicious use of the connection to the database.  Exposing a database port is very dangerous.  If the remote site is penetrated they then have full access to your database.

A web service is just another logical layer without any additional security.  In fact, web services do not offer any security other than what the web server provides!

I'd suggest a secure VPN tunnel from the remote web server to your server and even then provide least privilege access.
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

I was asked about the differences between classic ASP and ASP.NET, so let me put them down here, for reference: Let's make the introductions... Classic ASP was launched by Microsoft in 1998 and dynamically generate web pages upon user interact…
This demonstration started out as a follow up to some recently posted questions on the subject of logging in: http://www.experts-exchange.com/Programming/Languages/Scripting/JavaScript/Q_28634665.html and http://www.experts-exchange.com/Programming/…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now