Prev: ASP Classic site on II7 and Windows Server 2008
Next: Dot Net 2.0 SP1 messed up my Intranet
From: Dan on 26 Jul 2010 12:50
Hi,
Thanks for all your replies. It's great news that SQL Server on Web Edition
allow network connection.

I think I am guilty of not explaining myself very well.

My plan was to enable port 80 and 443 requests to the web server from the
outside (internet) on my external facing firewall. All other port would be
blocked
We would then allow an Internal client (intranet) to connect to the SQL
Server port on the web server - whcih would allow us to copy/update a limited
section of records from our main internal database. Hence the reason for
asking about direct connection to the SQL database. Is this still a bad plan?



"Mr. Arnold" wrote:

>
> "Dan" <Dan(a)discussions.microsoft.com> wrote in message
> news:CA573BB3-A0D6-414D-8C34-B35B98D222FB(a)microsoft.com...
> > Hi,
> > We are hoping to deploy a Srvr 2008 Web Edition box in a DMZ with a SQL
> > database (used by the webpage).
> >
> > Is it possible for a client to connect to the database directly (not
> > through
> > IIS) to periodically upload data? I have heard that SQL is for local use
> > only.
> >
> > I would rather that client made the connection to upload the data rather
> > then the webserver (incase the webserver is comprimised)
>
> You're opening the SQL Server up on the Web server to be hacked for sure by
> putting the server into the DMZ.
>
> You can use the SQL Server Service Broker and keep the machine behind the
> firewall.
>
> http://msdn.microsoft.com/en-us/library/ms166043(SQL.90).aspx
>
> You can connect remotely to the SQL Server Service Broker queues.
>
> http://msdn.microsoft.com/en-us/library/ms166145.aspx
>
> You can crate XML for CRUD operations against tables and send the XML to the
> SQL Server Service Broker queues you named for each CRUD operation.
>
> Of course you would have a client side app, it can be Window desktop,
> Console, Windows Service or Web application that will go into communications
> with the SQL Server Service Broker and send the XML to the appropriate
> queue.
>
> Then you can use the SQL Server Service Broker CLR which can use C# or
> VB.NET and do thing you want after you read it out of a queue and do CRUD
> operations against the database.
>
> http://en.wikipedia.org/wiki/Microsoft_SQL_Server
>
>
>
>
> .
>
From: "Mr. Arnold" MR. on 26 Jul 2010 16:22

"Dan" <Dan(a)discussions.microsoft.com> wrote in message
news:2340D2D9-FCB5-4F2C-96B9-C1786E04FE28(a)microsoft.com...
> Hi,
> Thanks for all your replies. It's great news that SQL Server on Web
> Edition
> allow network connection.
>
> I think I am guilty of not explaining myself very well.
>
> My plan was to enable port 80 and 443 requests to the web server from the
> outside (internet) on my external facing firewall. All other port would be
> blocked
> We would then allow an Internal client (intranet) to connect to the SQL
> Server port on the web server - whcih would allow us to copy/update a
> limited
> section of records from our main internal database. Hence the reason for
> asking about direct connection to the SQL database. Is this still a bad
> plan?

If the SQL server port is behind the FW and you're talking about an Intranet
client, then you should be ok. But you should post your questions to the NG
'comp.security.firewalls' to people who work with network security and such,
as they can answer your questions about any possible risks you may be
facing.

You may need to look into using a VPN (Virtual Private Network) with your
clients. Post to the NG I am suggesting to you and ask them.

 | 
Pages: 1
Prev: ASP Classic site on II7 and Windows Server 2008
Next: Dot Net 2.0 SP1 messed up my Intranet