Security for connections from DMZ
- From: David Wimbush <david_wimbush@xxxxxxxxxxx>
- Date: Mon, 20 Aug 2007 06:45:41 -0700
I have just been handed the role of DBA and, while I think I'm pretty
solid on SQL security within the domain (I'm a Windows app developer),
the web side of things is fairly new ground for me. I would really
appreciate some help.
We have an IIS 6 server in our DMZ running web sites and web services
that talk to our SQL server 2005 inside our firewall. I see that the
sites and services all use SQL logins and passwords which they store
in their web.config files in plain text. I can't imagine that this is
best practice but I'm struggling to establish what is. I'm seeing a
variety of recommendations but I just don't know enough about IIS,
domains, etc to tell which is best.
These sites and services were all developed in-house so I can fix them
once I know how to go about it. Can you suggest the proper way to
handle this and/or point me to resources that explain how to choose an
approach and how to implement it, please? Thanks.
.
- Prev by Date: Re: db_ddladmin rights in Management Studio
- Next by Date: SQL Express: is there a commandline way to set the default static port of a named instance?
- Previous by thread: Re: db_ddladmin rights in Management Studio
- Next by thread: SQL Express: is there a commandline way to set the default static port of a named instance?
- Index(es):
Relevant Pages
|
|
