Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Is a remote MS SQL connection secure.

Posted on 2013-12-11
3
Medium Priority
?
216 Views
Last Modified: 2013-12-16
Computer A   - my webserver with one sql table only holding encrypted data for connection to Computer B which contains the data needed to populate the website on Computer A via returned XML. Computer B is external to the domain of Computer A. Computer A is in a DMZ zone.

Computer B has incoming 1433 open only to the ip address of Computer A. Is the round trip data, sql from Computer A to Computer B and xml results from Computer B returning to Computer A secure?

Bob Mec
0
Comment
Question by:bob_mechler
3 Comments
 
LVL 19

Accepted Solution

by:
jss1199 earned 1600 total points
ID: 39712369
SQL transit data is not encrypted, unless you have enabled SSL encryption on your SQL server.  To learn more, read:
http://blogs.objectsharp.com/post/2008/12/04/Protecting-Data-in-Transit-between-applications-and-SQL-Server.aspx

http://technet.microsoft.com/en-us/library/ms189067(v=sql.105).aspx
0
 
LVL 9

Assisted Solution

by:QuinnDex
QuinnDex earned 400 total points
ID: 39712490
conecting through a second server does not secoure the database from injection, nor does encryption, sql injection is injected in a seemingly legitimate query, made possible by unsecured queries.

the query from server a will be passed to server b as a legitimate query and would pass on any injection present, (if you code permits it in the first place of course)


Microsoft recommendations on stopping SQL injection

http://msdn.microsoft.com/en-us/library/ff648339.aspx
0
 

Author Closing Comment

by:bob_mechler
ID: 39721304
Both were excellent but creating a secure connection was my immediate concern.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A Stored Procedure in Microsoft SQL Server is a powerful feature that it can be used to execute the Data Manipulation Language (DML) or Data Definition Language (DDL). Depending on business requirements, a single Stored Procedure can return differe…
An alternative to the "For XML" way of pivoting and concatenating result sets into strings, and an easy introduction to "common table expressions" (CTEs). Being someone who is always looking for alternatives to "work your data", I came across this …
This video shows, step by step, how to configure Oracle Heterogeneous Services via the Generic Gateway Agent in order to make a connection from an Oracle session and access a remote SQL Server database table.
Via a live example, show how to backup a database, simulate a failure backup the tail of the database transaction log and perform the restore.

972 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question