?
Solved

Is a remote MS SQL connection secure.

Posted on 2013-12-11
3
Medium Priority
?
214 Views
Last Modified: 2013-12-16
Computer A   - my webserver with one sql table only holding encrypted data for connection to Computer B which contains the data needed to populate the website on Computer A via returned XML. Computer B is external to the domain of Computer A. Computer A is in a DMZ zone.

Computer B has incoming 1433 open only to the ip address of Computer A. Is the round trip data, sql from Computer A to Computer B and xml results from Computer B returning to Computer A secure?

Bob Mec
0
Comment
Question by:bob_mechler
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 19

Accepted Solution

by:
jss1199 earned 1600 total points
ID: 39712369
SQL transit data is not encrypted, unless you have enabled SSL encryption on your SQL server.  To learn more, read:
http://blogs.objectsharp.com/post/2008/12/04/Protecting-Data-in-Transit-between-applications-and-SQL-Server.aspx

http://technet.microsoft.com/en-us/library/ms189067(v=sql.105).aspx
0
 
LVL 9

Assisted Solution

by:QuinnDex
QuinnDex earned 400 total points
ID: 39712490
conecting through a second server does not secoure the database from injection, nor does encryption, sql injection is injected in a seemingly legitimate query, made possible by unsecured queries.

the query from server a will be passed to server b as a legitimate query and would pass on any injection present, (if you code permits it in the first place of course)


Microsoft recommendations on stopping SQL injection

http://msdn.microsoft.com/en-us/library/ff648339.aspx
0
 

Author Closing Comment

by:bob_mechler
ID: 39721304
Both were excellent but creating a secure connection was my immediate concern.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Why is this different from all of the other step by step guides?  Because I make a living as a DBA and not as a writer and I lived through this experience. Defining the name: When I talk to people they say different names on this subject stuff l…
Ever needed a SQL 2008 Database replicated/mirrored/log shipped on another server but you can't take the downtime inflicted by initial snapshot or disconnect while T-logs are restored or mirror applied? You can use SQL Server Initialize from Backup…
Using examples as well as descriptions, and references to Books Online, show the different Recovery Models available in SQL Server and explain, as well as show how full, differential and transaction log backups are performed
This videos aims to give the viewer a basic demonstration of how a user can query current session information by using the SYS_CONTEXT function

718 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question