Solved

Is a remote MS SQL connection secure.

Posted on 2013-12-11
3
202 Views
Last Modified: 2013-12-16
Computer A   - my webserver with one sql table only holding encrypted data for connection to Computer B which contains the data needed to populate the website on Computer A via returned XML. Computer B is external to the domain of Computer A. Computer A is in a DMZ zone.

Computer B has incoming 1433 open only to the ip address of Computer A. Is the round trip data, sql from Computer A to Computer B and xml results from Computer B returning to Computer A secure?

Bob Mec
0
Comment
Question by:bob_mechler
3 Comments
 
LVL 19

Accepted Solution

by:
jss1199 earned 400 total points
Comment Utility
SQL transit data is not encrypted, unless you have enabled SSL encryption on your SQL server.  To learn more, read:
http://blogs.objectsharp.com/post/2008/12/04/Protecting-Data-in-Transit-between-applications-and-SQL-Server.aspx

http://technet.microsoft.com/en-us/library/ms189067(v=sql.105).aspx
0
 
LVL 9

Assisted Solution

by:QuinnDex
QuinnDex earned 100 total points
Comment Utility
conecting through a second server does not secoure the database from injection, nor does encryption, sql injection is injected in a seemingly legitimate query, made possible by unsecured queries.

the query from server a will be passed to server b as a legitimate query and would pass on any injection present, (if you code permits it in the first place of course)


Microsoft recommendations on stopping SQL injection

http://msdn.microsoft.com/en-us/library/ff648339.aspx
0
 

Author Closing Comment

by:bob_mechler
Comment Utility
Both were excellent but creating a secure connection was my immediate concern.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Join & Write a Comment

Suggested Solutions

International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
The Delta outage: 650 cancelled flights, more than 1200 delayed flights, thousands of frustrated customers, tens of millions of dollars in damages – plus untold reputational damage to one of the world’s most trusted airlines. All due to a catastroph…
Via a live example, show how to extract insert data into a SQL Server database table using the Import/Export option and Bulk Insert.
Using examples as well as descriptions, and references to Books Online, show the documentation available for datatypes, explain the available data types and show how data can be passed into and out of variables.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now