feedback please on asp.net app security scenario



Hi,

I am wondering if somebody has any opinion on whether something is wrong with
the scenario described below, whether it can be improved, etc.
I think this scenario is very good.

Our asp.net app (connects to SQL Server) is installed at a client's site
using, from my point of view, the most standard way of security configuration:
IIS is configured for Windows authentication with Impersonation=True, the IIS
machine is installed in the DMZ and connects inside the firewall to AD and SQL
Server.
SQL Server is also configured to use Windows authentication, and user
credentials obviously are propagated from IIS.
I heard complaints about this scenario that if a hacker breaks into the IIS
machine they can go directly to SQL Server inside the firewall.
Or maybe there are also other threats using this scenario.

Thank you,

Vadim

