Hi ,
We have a internal database application which we now need to update from a
website hosted at an external site.
We want users to be able to come to the website and see their very latest
information. They should be able to update this data and submit it to a
holding area before it is checked by an operator and the live record
updated.
What is the best and most secure way to achieve this scenario?
How should the website be connected to the internal database?
Thanks
CMan
9  1942 
The most secure is to set up each "user" as an NT account and force login.
This can end up as a maintenance nightmare, however. Outside of this, you
will have to create some form of security account table for each user of the
system. You can set up an admin role and user roles and have the admin for a
particular company control the user's access. That will take some of the
maintenance off your back. You will have to add these new tables (account,
role, etc.) to your database or a separate security database.
All db access should be done through stored procedures, if possible, as that
adds a security layer over ad hoc queries against tables. A "hacker" will
only have access to the data retrieved, updated, etc., by a procedure, which
you have control over. This is not possible with all types of databases.
---
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA
*************** ************
Think Outside the Box!
*************** ************
"CMan" wrote: Hi ,
We have a internal database application which we now need to update from a
website hosted at an external site.
We want users to be able to come to the website and see their very latest
information. They should be able to update this data and submit it to a
holding area before it is checked by an operator and the live record
updated.
What is the best and most secure way to achieve this scenario?
How should the website be connected to the internal database?
Thanks
CMan
If you are in Microsoft environment, you need to publish your database out
on your local ISA server. You can allow external access from only one
location, which is the webserver. The web server then would connect to the
database server by the ISA IP address. If you are going to pass secure data
between the web and database server, you will want to equip the database
server with a SSL certificate.
Eliyahu
"CMan" <cm**@nospam.no spam> wrote in message
news:%2******** ********@TK2MSF TNGP12.phx.gbl. .. Hi ,
We have a internal database application which we now need to update from a
website hosted at an external site.
We want users to be able to come to the website and see their very latest
information. They should be able to update this data and submit it to a
holding area before it is checked by an operator and the live record
updated.
What is the best and most secure way to achieve this scenario?
How should the website be connected to the internal database?
Thanks
CMan
Webservices come to mind. You could have a webservice on yourend that would be triggered from the site. That way you canhave the site run off of your local DB even though it is hostedremotely. This is a problem however if your site does not havethe same type of redundency as your hosting environment. Ifyour servers go down so would site. Another way would be tosend the web site submitted data to the formatted flat file. That way you could just FTP down to your site securely wheneveryou wanted to.
Alan Washington Hi ,
We have a internal database application which we now need toupdate from a
website hosted at an external site.
We want users to be able to come to the website and see theirvery latest
information. They should be able to update this data and submitit to a
holding area before it is checked by an operator and the liverecord
updated.
What is the best and most secure way to achieve this scenario?
How should the website be connected to the internal database?
Thanks
CMan
User submitted from AEWNET ( http://www.aewnet.com/) http://msdn.microsoft.com/architectu...n/default.aspx
chanmm
"CMan" <cm**@nospam.no spam> wrote in message
news:%2******** ********@TK2MSF TNGP12.phx.gbl. .. Hi ,
We have a internal database application which we now need to update from a
website hosted at an external site.
We want users to be able to come to the website and see their very latest
information. They should be able to update this data and submit it to a
holding area before it is checked by an operator and the live record
updated.
What is the best and most secure way to achieve this scenario?
How should the website be connected to the internal database?
Thanks
CMan
Thanks everyone,
So we can make the connection to the database server over SSL? Or do you
just mean between the web server and browser?
How do we set this up? Is it a simple SQL Server setting or win2000 network
setting?
How does SSL compare to using IPsec?
Can this all be done securely through win2000 alone or is third party
software required/preferred?
Thanks in advance.
CMan
"Eliyahu Goldin" <re************ *@monarchmed.co m> wrote in message
news:eQ******** ******@TK2MSFTN GP15.phx.gbl... If you are in Microsoft environment, you need to publish your database out
on your local ISA server. You can allow external access from only one
location, which is the webserver. The web server then would connect to the
database server by the ISA IP address. If you are going to pass secure
data between the web and database server, you will want to equip the database
server with a SSL certificate.
Eliyahu
"CMan" <cm**@nospam.no spam> wrote in message
news:%2******** ********@TK2MSF TNGP12.phx.gbl. .. Hi ,
We have a internal database application which we now need to update from
a website hosted at an external site.
We want users to be able to come to the website and see their very
latest information. They should be able to update this data and submit it to a
holding area before it is checked by an operator and the live record
updated.
What is the best and most secure way to achieve this scenario?
How should the website be connected to the internal database?
Thanks
CMan
Yes, you can make SSL connection between the database server and the
webserver if you install a SSL certificate on the database server.
Microsoft document "Building Secure ASP.NET Applications" is a good strating
point. Can be downloaded from http://www.microsoft.com/downloads/d...C-BF9C6593F25E
Eliyahu
"CMan" <cm**@nospam.no spam> wrote in message
news:uP******** ******@TK2MSFTN GP11.phx.gbl... Thanks everyone,
So we can make the connection to the database server over SSL? Or do you
just mean between the web server and browser?
How do we set this up? Is it a simple SQL Server setting or win2000
network setting?
How does SSL compare to using IPsec?
Can this all be done securely through win2000 alone or is third party
software required/preferred?
Thanks in advance.
CMan
"Eliyahu Goldin" <re************ *@monarchmed.co m> wrote in message
news:eQ******** ******@TK2MSFTN GP15.phx.gbl... If you are in Microsoft environment, you need to publish your database
out on your local ISA server. You can allow external access from only one
location, which is the webserver. The web server then would connect to
the database server by the ISA IP address. If you are going to pass secure data between the web and database server, you will want to equip the database
server with a SSL certificate.
Eliyahu
"CMan" <cm**@nospam.no spam> wrote in message
news:%2******** ********@TK2MSF TNGP12.phx.gbl. .. Hi ,
We have a internal database application which we now need to update
from a website hosted at an external site.
We want users to be able to come to the website and see their very latest information. They should be able to update this data and submit it to
a holding area before it is checked by an operator and the live record
updated.
What is the best and most secure way to achieve this scenario?
How should the website be connected to the internal database?
Thanks
CMan
Thanks Eliyahu,
This has been really helpful.
For this use would there be any problem generating our own certificate>
CMan
"Eliyahu Goldin" <re************ *@monarchmed.co m> wrote in message
news:uU******** *****@TK2MSFTNG P09.phx.gbl... Yes, you can make SSL connection between the database server and the
webserver if you install a SSL certificate on the database server.
Microsoft document "Building Secure ASP.NET Applications" is a good
strating point. Can be downloaded from
http://www.microsoft.com/downloads/d...C-BF9C6593F25E
Eliyahu
"CMan" <cm**@nospam.no spam> wrote in message
news:uP******** ******@TK2MSFTN GP11.phx.gbl... Thanks everyone,
So we can make the connection to the database server over SSL? Or do
you just mean between the web server and browser?
How do we set this up? Is it a simple SQL Server setting or win2000 network setting?
How does SSL compare to using IPsec?
Can this all be done securely through win2000 alone or is third party
software required/preferred?
Thanks in advance.
CMan
"Eliyahu Goldin" <re************ *@monarchmed.co m> wrote in message
news:eQ******** ******@TK2MSFTN GP15.phx.gbl... If you are in Microsoft environment, you need to publish your database
out on your local ISA server. You can allow external access from only one
location, which is the webserver. The web server then would connect to the database server by the ISA IP address. If you are going to pass secure
data between the web and database server, you will want to equip the
database server with a SSL certificate.
Eliyahu
"CMan" <cm**@nospam.no spam> wrote in message
news:%2******** ********@TK2MSF TNGP12.phx.gbl. ..
> Hi ,
>
> We have a internal database application which we now need to update from a > website hosted at an external site.
>
> We want users to be able to come to the website and see their very
latest > information. They should be able to update this data and submit it
to a > holding area before it is checked by an operator and the live record
> updated.
>
> What is the best and most secure way to achieve this scenario?
> How should the website be connected to the internal database?
>
> Thanks
>
> CMan
>
>
Theoretically there should not be any problem. Never did it myself though.
Eliyahu
"CMan" <cm**@nospam.no spam> wrote in message
news:%2******** **********@TK2M SFTNGP12.phx.gb l... Thanks Eliyahu,
This has been really helpful.
For this use would there be any problem generating our own certificate>
CMan
"Eliyahu Goldin" <re************ *@monarchmed.co m> wrote in message
news:uU******** *****@TK2MSFTNG P09.phx.gbl... Yes, you can make SSL connection between the database server and the
webserver if you install a SSL certificate on the database server.
Microsoft document "Building Secure ASP.NET Applications" is a good
strating point. Can be downloaded from http://www.microsoft.com/downloads/d...C-BF9C6593F25E
Eliyahu
"CMan" <cm**@nospam.no spam> wrote in message
news:uP******** ******@TK2MSFTN GP11.phx.gbl... Thanks everyone,
So we can make the connection to the database server over SSL? Or do you just mean between the web server and browser?
How do we set this up? Is it a simple SQL Server setting or win2000
network setting?
How does SSL compare to using IPsec?
Can this all be done securely through win2000 alone or is third party
software required/preferred?
Thanks in advance.
CMan
"Eliyahu Goldin" <re************ *@monarchmed.co m> wrote in message
news:eQ******** ******@TK2MSFTN GP15.phx.gbl...
> If you are in Microsoft environment, you need to publish your
database out > on your local ISA server. You can allow external access from only
one > location, which is the webserver. The web server then would connect
to the > database server by the ISA IP address. If you are going to pass
secure data
> between the web and database server, you will want to equip the
database > server with a SSL certificate.
>
> Eliyahu
>
> "CMan" <cm**@nospam.no spam> wrote in message
> news:%2******** ********@TK2MSF TNGP12.phx.gbl. ..
> > Hi ,
> >
> > We have a internal database application which we now need to
update from a
> > website hosted at an external site.
> >
> > We want users to be able to come to the website and see their very
latest
> > information. They should be able to update this data and submit it
to a > > holding area before it is checked by an operator and the live
record > > updated.
> >
> > What is the best and most secure way to achieve this scenario?
> > How should the website be connected to the internal database?
> >
> > Thanks
> >
> > CMan
> >
> >
>
>
Thanks.
"Eliyahu Goldin" <re************ *@monarchmed.co m> wrote in message
news:u$******** ******@TK2MSFTN GP15.phx.gbl... Theoretically there should not be any problem. Never did it myself though.
Eliyahu
"CMan" <cm**@nospam.no spam> wrote in message
news:%2******** **********@TK2M SFTNGP12.phx.gb l... Thanks Eliyahu,
This has been really helpful.
For this use would there be any problem generating our own certificate>
CMan
"Eliyahu Goldin" <re************ *@monarchmed.co m> wrote in message
news:uU******** *****@TK2MSFTNG P09.phx.gbl... Yes, you can make SSL connection between the database server and the
webserver if you install a SSL certificate on the database server.
Microsoft document "Building Secure ASP.NET Applications" is a good strating point. Can be downloaded from
http://www.microsoft.com/downloads/d...C-BF9C6593F25E
Eliyahu
"CMan" <cm**@nospam.no spam> wrote in message
news:uP******** ******@TK2MSFTN GP11.phx.gbl...
> Thanks everyone,
>
> So we can make the connection to the database server over SSL? Or
do you > just mean between the web server and browser?
> How do we set this up? Is it a simple SQL Server setting or win2000
network
> setting?
>
> How does SSL compare to using IPsec?
> Can this all be done securely through win2000 alone or is third
party > software required/preferred?
>
> Thanks in advance.
>
> CMan
>
>
>
>
>
>
>
> "Eliyahu Goldin" <re************ *@monarchmed.co m> wrote in message
> news:eQ******** ******@TK2MSFTN GP15.phx.gbl...
> > If you are in Microsoft environment, you need to publish your database out
> > on your local ISA server. You can allow external access from only one > > location, which is the webserver. The web server then would
connect to the
> > database server by the ISA IP address. If you are going to pass secure > data
> > between the web and database server, you will want to equip the
database > > server with a SSL certificate.
> >
> > Eliyahu
> >
> > "CMan" <cm**@nospam.no spam> wrote in message
> > news:%2******** ********@TK2MSF TNGP12.phx.gbl. ..
> > > Hi ,
> > >
> > > We have a internal database application which we now need to update from
> a
> > > website hosted at an external site.
> > >
> > > We want users to be able to come to the website and see their
very > latest
> > > information. They should be able to update this data and submit
it to a
> > > holding area before it is checked by an operator and the live
record > > > updated.
> > >
> > > What is the best and most secure way to achieve this scenario?
> > > How should the website be connected to the internal database?
> > >
> > > Thanks
> > >
> > > CMan
> > >
> > >
> >
> >
>
>
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Maria |
last post by:
Hi Everyone
This is a data base question so don't switch off thinking it is a Data
Protection Act Question.
I'm Looking for some general information regarding the UK Law on
rights to access data within a database provided by a third party
software provider.
They are preventing me from ODBC Access to their data base and say
|
by: Chuck Grimsby |
last post by:
(Repost, due to lack of submissions...)
The Microsoft Access Product Group (the people who build Microsoft
Access) want your help!
One of the main things we're working on for the near future is a
conversion tool to take Microsoft Access 97 databases (primarily, but
also Microsoft Access 2000 or 2002/XP databases) up to Microsoft
Office Access 2003. For us to do this, we need sample databases from
*you*, our customers, to ensure a...
|
by: Oyvind |
last post by:
I'm working on a Windows forms/C# database application. My background is
6-7 years of VB 4 - 6, MS Access, VC++, mixed in with a lot of T-SQL and MS
SQL Server in general and some OOA/OOD.
Previously, I haven't been overly impressed with the capabilities of the
various "graphical" data access tools that have been provided with VB etc.
Though deceptively simple to get started with, IMHO they haven't provided
the necessary flexibility...
|
by: Chua Wen Ching |
last post by:
Hi there,
I had seen examples for classes, but i had no idea how to implement the same
thing in struct. I am quite mix up!
Which one is correct?
Scenario:
WForm.cs - the one that calls FileA.cs to access the structures
FileA.cs - contains all structures
|
by: JonnyD |
last post by:
I am working on a project to build a reporting web app from an exsiting
database that is controled by a local application. The application that
has control over the database creates a lock file to the database and
at that point I can no longer access the database with my web app. Is
there anyway around this? All I need is read only access to the
database to get some report information to display on the web page.
The error I get on the...
| | |
by: phil cunningham |
last post by:
I am using Access to run a database within the company and also have a
website that makes some of the information available to the general public
And so far everything is working very well
q. is there any problem using Access to do all our internal work while the
DB is exposed to the web
q. if I move to SQL server can I still use all the features of Access (VBA
reporting etc) for our internal work
|
by: Mell via AccessMonster.com |
last post by:
Is there a way to find out where an application was created from?
i.e. - work or home
i.e. - if application sits on a (work) server/network, the IT people know the
application is sitting there, but is there a way they can find out if that
application was put there from a CD or email or created at work?
Hint: It's not on a client/server database, just native jet database mdb
created on Access 2003 (default 2000)...
|
by: samadams_2006 |
last post by:
I'm having a problem in accessing a Microsoft Access Database in a
VB.NET Web Application. It's so straight forward, I thought I'd walk
you through all the details here:
1) I have a .NET Web Application called "Lesson18b" under
"C:\Inetpub\wwwroot\Lesson18b".
2) I have one Web Form on this Lesson called "Form18b.aspx"
3) In this same Folder under Inetpub I have the Microsoft NorthWinds
|
by: JT |
last post by:
Here is the overall structure I will be referring to:
End-program
ProvideWorkFlow.dll
Forms and methods that properly manipulate calls to methods in
AccessUtils
AccessUtils (a web service)
Hide.dll
methods and data I want to remain hidden
I have a DLL, Hide.dll, that contains methods that I want to handle for
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
| | |
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
