al4629740
asked on
Configure Azure SQL DB firewall with various users accessing database
I have discovered a dilemma with our azure SQL database. Under firewall settings I am supposed to specify IP addresses that can access the database. We are using a VB6 app, which is not central to any specific location. Is it OK to open up the firewall so that various locations can access it? Or is this too much of a security risk? Has anyone ever run into this problem?
ASKER
So hopefully my question was not confusing. The users that are accessing the database will be at various dynamic IP addresses. How do I handle that issue when the IP address keeps changing or if the user is at an unknown location.
Right...but though they have a dynamic IP...it doesn't change that often. If they find themselves blocked because of an IP change...again...all they have to do is open SQL Server Management studio...and login to the database...it will immediately say...do you want to add your ip to the firewall...and click yes.
I would personally rather them deal with this minor inconvenience rather than open up the DB to the entire internet.
I would personally rather them deal with this minor inconvenience rather than open up the DB to the entire internet.
ASKER
Each person does not have the privilege to access the DB thru SSMS. They are only using an application. We don't want them accessing the DB directly thru SSMS
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Would it be possible for you to set up a Terminal Services Remote desktop server and have them remote into a server with a static IP?
That would solve the problem also...and you only have to allow one IP.
I believe you can get this on Azure as well.
That would solve the problem also...and you only have to allow one IP.
I believe you can get this on Azure as well.
ASKER
That's an idea worth considering
The users can download and install the SQL Server Management Studio for free...and login using their credentials to add their own IP addresses...they won't have to do it again unless their IP address changes.