Solved

Is a remote MS SQL connection secure.

Posted on 2013-12-11
3
205 Views
Last Modified: 2013-12-16
Computer A   - my webserver with one sql table only holding encrypted data for connection to Computer B which contains the data needed to populate the website on Computer A via returned XML. Computer B is external to the domain of Computer A. Computer A is in a DMZ zone.

Computer B has incoming 1433 open only to the ip address of Computer A. Is the round trip data, sql from Computer A to Computer B and xml results from Computer B returning to Computer A secure?

Bob Mec
0
Comment
Question by:bob_mechler
3 Comments
 
LVL 19

Accepted Solution

by:
jss1199 earned 400 total points
ID: 39712369
SQL transit data is not encrypted, unless you have enabled SSL encryption on your SQL server.  To learn more, read:
http://blogs.objectsharp.com/post/2008/12/04/Protecting-Data-in-Transit-between-applications-and-SQL-Server.aspx

http://technet.microsoft.com/en-us/library/ms189067(v=sql.105).aspx
0
 
LVL 9

Assisted Solution

by:QuinnDex
QuinnDex earned 100 total points
ID: 39712490
conecting through a second server does not secoure the database from injection, nor does encryption, sql injection is injected in a seemingly legitimate query, made possible by unsecured queries.

the query from server a will be passed to server b as a legitimate query and would pass on any injection present, (if you code permits it in the first place of course)


Microsoft recommendations on stopping SQL injection

http://msdn.microsoft.com/en-us/library/ff648339.aspx
0
 

Author Closing Comment

by:bob_mechler
ID: 39721304
Both were excellent but creating a secure connection was my immediate concern.
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SSRS - Date Report Options 2 30
changing page verifacation 1 33
Visual Studio npm 1 12
MS SQL SERVER and ADODB.commands 8 23
Introduction In my previous article (http://www.experts-exchange.com/Microsoft/Development/MS-SQL-Server/SSIS/A_9150-Loading-XML-Using-SSIS.html) I showed you how the XML Source component can be used to load XML files into a SQL Server database, us…
Ever wondered why sometimes your SQL Server is slow or unresponsive with connections spiking up but by the time you go in, all is well? The following article will show you how to install and configure a SQL job that will send you email alerts includ…
Using examples as well as descriptions, and references to Books Online, show the documentation available for date manipulation functions and by using a select few of these functions, show how date based data can be manipulated with these functions.
Via a live example, show how to shrink a transaction log file down to a reasonable size.

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question