Solved

Is a remote MS SQL connection secure.

Posted on 2013-12-11
3
204 Views
Last Modified: 2013-12-16
Computer A   - my webserver with one sql table only holding encrypted data for connection to Computer B which contains the data needed to populate the website on Computer A via returned XML. Computer B is external to the domain of Computer A. Computer A is in a DMZ zone.

Computer B has incoming 1433 open only to the ip address of Computer A. Is the round trip data, sql from Computer A to Computer B and xml results from Computer B returning to Computer A secure?

Bob Mec
0
Comment
Question by:bob_mechler
3 Comments
 
LVL 19

Accepted Solution

by:
jss1199 earned 400 total points
ID: 39712369
SQL transit data is not encrypted, unless you have enabled SSL encryption on your SQL server.  To learn more, read:
http://blogs.objectsharp.com/post/2008/12/04/Protecting-Data-in-Transit-between-applications-and-SQL-Server.aspx

http://technet.microsoft.com/en-us/library/ms189067(v=sql.105).aspx
0
 
LVL 9

Assisted Solution

by:QuinnDex
QuinnDex earned 100 total points
ID: 39712490
conecting through a second server does not secoure the database from injection, nor does encryption, sql injection is injected in a seemingly legitimate query, made possible by unsecured queries.

the query from server a will be passed to server b as a legitimate query and would pass on any injection present, (if you code permits it in the first place of course)


Microsoft recommendations on stopping SQL injection

http://msdn.microsoft.com/en-us/library/ff648339.aspx
0
 

Author Closing Comment

by:bob_mechler
ID: 39721304
Both were excellent but creating a secure connection was my immediate concern.
0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A long time ago (May 2011), I have written an article showing you how to create a DLL using Visual Studio 2005 to be hosted in SQL Server 2005. That was valid at that time and it is still valid if you are still using these versions. You can still re…
For both online and offline retail, the cross-channel business is the most recent pattern in the B2C trade space.
Familiarize people with the process of utilizing SQL Server functions from within Microsoft Access. Microsoft Access is a very powerful client/server development tool. One of the SQL Server objects that you can interact with from within Microsoft Ac…
Using examples as well as descriptions, and references to Books Online, show the documentation available for datatypes, explain the available data types and show how data can be passed into and out of variables.

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question