469,917 Members | 1,458 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,917 developers. It's quick & easy.

Access to internal database

Hi ,

We have a internal database application which we now need to update from a
website hosted at an external site.

We want users to be able to come to the website and see their very latest
information. They should be able to update this data and submit it to a
holding area before it is checked by an operator and the live record
updated.

What is the best and most secure way to achieve this scenario?
How should the website be connected to the internal database?

Thanks

CMan
Nov 18 '05 #1
9 1775
The most secure is to set up each "user" as an NT account and force login.
This can end up as a maintenance nightmare, however. Outside of this, you
will have to create some form of security account table for each user of the
system. You can set up an admin role and user roles and have the admin for a
particular company control the user's access. That will take some of the
maintenance off your back. You will have to add these new tables (account,
role, etc.) to your database or a separate security database.

All db access should be done through stored procedures, if possible, as that
adds a security layer over ad hoc queries against tables. A "hacker" will
only have access to the data retrieved, updated, etc., by a procedure, which
you have control over. This is not possible with all types of databases.

---

Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

***************************
Think Outside the Box!
***************************
"CMan" wrote:
Hi ,

We have a internal database application which we now need to update from a
website hosted at an external site.

We want users to be able to come to the website and see their very latest
information. They should be able to update this data and submit it to a
holding area before it is checked by an operator and the live record
updated.

What is the best and most secure way to achieve this scenario?
How should the website be connected to the internal database?

Thanks

CMan

Nov 18 '05 #2
If you are in Microsoft environment, you need to publish your database out
on your local ISA server. You can allow external access from only one
location, which is the webserver. The web server then would connect to the
database server by the ISA IP address. If you are going to pass secure data
between the web and database server, you will want to equip the database
server with a SSL certificate.

Eliyahu

"CMan" <cm**@nospam.nospam> wrote in message
news:%2****************@TK2MSFTNGP12.phx.gbl...
Hi ,

We have a internal database application which we now need to update from a
website hosted at an external site.

We want users to be able to come to the website and see their very latest
information. They should be able to update this data and submit it to a
holding area before it is checked by an operator and the live record
updated.

What is the best and most secure way to achieve this scenario?
How should the website be connected to the internal database?

Thanks

CMan

Nov 18 '05 #3
Webservices come to mind. You could have a webservice on yourend that would be triggered from the site. That way you canhave the site run off of your local DB even though it is hostedremotely. This is a problem however if your site does not havethe same type of redundency as your hosting environment. Ifyour servers go down so would site. Another way would be tosend the web site submitted data to the formatted flat file. That way you could just FTP down to your site securely wheneveryou wanted to.

Alan Washington
Hi ,

We have a internal database application which we now need toupdate from a
website hosted at an external site.

We want users to be able to come to the website and see theirvery latest
information. They should be able to update this data and submitit to a
holding area before it is checked by an operator and the liverecord
updated.

What is the best and most secure way to achieve this scenario?
How should the website be connected to the internal database?

Thanks

CMan

User submitted from AEWNET (http://www.aewnet.com/)
Nov 18 '05 #4
http://msdn.microsoft.com/architectu...n/default.aspx

chanmm

"CMan" <cm**@nospam.nospam> wrote in message
news:%2****************@TK2MSFTNGP12.phx.gbl...
Hi ,

We have a internal database application which we now need to update from a
website hosted at an external site.

We want users to be able to come to the website and see their very latest
information. They should be able to update this data and submit it to a
holding area before it is checked by an operator and the live record
updated.

What is the best and most secure way to achieve this scenario?
How should the website be connected to the internal database?

Thanks

CMan

Nov 18 '05 #5
Thanks everyone,

So we can make the connection to the database server over SSL? Or do you
just mean between the web server and browser?
How do we set this up? Is it a simple SQL Server setting or win2000 network
setting?

How does SSL compare to using IPsec?
Can this all be done securely through win2000 alone or is third party
software required/preferred?

Thanks in advance.

CMan



"Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
news:eQ**************@TK2MSFTNGP15.phx.gbl...
If you are in Microsoft environment, you need to publish your database out
on your local ISA server. You can allow external access from only one
location, which is the webserver. The web server then would connect to the
database server by the ISA IP address. If you are going to pass secure data between the web and database server, you will want to equip the database
server with a SSL certificate.

Eliyahu

"CMan" <cm**@nospam.nospam> wrote in message
news:%2****************@TK2MSFTNGP12.phx.gbl...
Hi ,

We have a internal database application which we now need to update from a website hosted at an external site.

We want users to be able to come to the website and see their very latest information. They should be able to update this data and submit it to a
holding area before it is checked by an operator and the live record
updated.

What is the best and most secure way to achieve this scenario?
How should the website be connected to the internal database?

Thanks

CMan


Nov 18 '05 #6
Yes, you can make SSL connection between the database server and the
webserver if you install a SSL certificate on the database server.

Microsoft document "Building Secure ASP.NET Applications" is a good strating
point. Can be downloaded from
http://www.microsoft.com/downloads/d...C-BF9C6593F25E

Eliyahu

"CMan" <cm**@nospam.nospam> wrote in message
news:uP**************@TK2MSFTNGP11.phx.gbl...
Thanks everyone,

So we can make the connection to the database server over SSL? Or do you
just mean between the web server and browser?
How do we set this up? Is it a simple SQL Server setting or win2000 network setting?

How does SSL compare to using IPsec?
Can this all be done securely through win2000 alone or is third party
software required/preferred?

Thanks in advance.

CMan



"Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
news:eQ**************@TK2MSFTNGP15.phx.gbl...
If you are in Microsoft environment, you need to publish your database out
on your local ISA server. You can allow external access from only one
location, which is the webserver. The web server then would connect to the database server by the ISA IP address. If you are going to pass secure data
between the web and database server, you will want to equip the database
server with a SSL certificate.

Eliyahu

"CMan" <cm**@nospam.nospam> wrote in message
news:%2****************@TK2MSFTNGP12.phx.gbl...
Hi ,

We have a internal database application which we now need to update from a website hosted at an external site.

We want users to be able to come to the website and see their very latest information. They should be able to update this data and submit it to

a holding area before it is checked by an operator and the live record
updated.

What is the best and most secure way to achieve this scenario?
How should the website be connected to the internal database?

Thanks

CMan



Nov 18 '05 #7
Thanks Eliyahu,

This has been really helpful.

For this use would there be any problem generating our own certificate>

CMan

"Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
news:uU*************@TK2MSFTNGP09.phx.gbl...
Yes, you can make SSL connection between the database server and the
webserver if you install a SSL certificate on the database server.

Microsoft document "Building Secure ASP.NET Applications" is a good strating point. Can be downloaded from
http://www.microsoft.com/downloads/d...C-BF9C6593F25E
Eliyahu

"CMan" <cm**@nospam.nospam> wrote in message
news:uP**************@TK2MSFTNGP11.phx.gbl...
Thanks everyone,

So we can make the connection to the database server over SSL? Or do you
just mean between the web server and browser?
How do we set this up? Is it a simple SQL Server setting or win2000 network
setting?

How does SSL compare to using IPsec?
Can this all be done securely through win2000 alone or is third party
software required/preferred?

Thanks in advance.

CMan



"Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
news:eQ**************@TK2MSFTNGP15.phx.gbl...
If you are in Microsoft environment, you need to publish your database

out on your local ISA server. You can allow external access from only one
location, which is the webserver. The web server then would connect to the database server by the ISA IP address. If you are going to pass secure

data
between the web and database server, you will want to equip the database server with a SSL certificate.

Eliyahu

"CMan" <cm**@nospam.nospam> wrote in message
news:%2****************@TK2MSFTNGP12.phx.gbl...
> Hi ,
>
> We have a internal database application which we now need to update from
a
> website hosted at an external site.
>
> We want users to be able to come to the website and see their very

latest
> information. They should be able to update this data and submit it

to a > holding area before it is checked by an operator and the live record
> updated.
>
> What is the best and most secure way to achieve this scenario?
> How should the website be connected to the internal database?
>
> Thanks
>
> CMan
>
>



Nov 18 '05 #8
Theoretically there should not be any problem. Never did it myself though.

Eliyahu

"CMan" <cm**@nospam.nospam> wrote in message
news:%2******************@TK2MSFTNGP12.phx.gbl...
Thanks Eliyahu,

This has been really helpful.

For this use would there be any problem generating our own certificate>

CMan

"Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
news:uU*************@TK2MSFTNGP09.phx.gbl...
Yes, you can make SSL connection between the database server and the
webserver if you install a SSL certificate on the database server.

Microsoft document "Building Secure ASP.NET Applications" is a good

strating
point. Can be downloaded from

http://www.microsoft.com/downloads/d...C-BF9C6593F25E

Eliyahu

"CMan" <cm**@nospam.nospam> wrote in message
news:uP**************@TK2MSFTNGP11.phx.gbl...
Thanks everyone,

So we can make the connection to the database server over SSL? Or do you just mean between the web server and browser?
How do we set this up? Is it a simple SQL Server setting or win2000

network
setting?

How does SSL compare to using IPsec?
Can this all be done securely through win2000 alone or is third party
software required/preferred?

Thanks in advance.

CMan



"Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
news:eQ**************@TK2MSFTNGP15.phx.gbl...
> If you are in Microsoft environment, you need to publish your database
out
> on your local ISA server. You can allow external access from only
one > location, which is the webserver. The web server then would connect to
the
> database server by the ISA IP address. If you are going to pass
secure data
> between the web and database server, you will want to equip the

database > server with a SSL certificate.
>
> Eliyahu
>
> "CMan" <cm**@nospam.nospam> wrote in message
> news:%2****************@TK2MSFTNGP12.phx.gbl...
> > Hi ,
> >
> > We have a internal database application which we now need to update from
a
> > website hosted at an external site.
> >
> > We want users to be able to come to the website and see their very
latest
> > information. They should be able to update this data and submit it

to
a
> > holding area before it is checked by an operator and the live

record > > updated.
> >
> > What is the best and most secure way to achieve this scenario?
> > How should the website be connected to the internal database?
> >
> > Thanks
> >
> > CMan
> >
> >
>
>



Nov 18 '05 #9
Thanks.
"Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
news:u$**************@TK2MSFTNGP15.phx.gbl...
Theoretically there should not be any problem. Never did it myself though.

Eliyahu

"CMan" <cm**@nospam.nospam> wrote in message
news:%2******************@TK2MSFTNGP12.phx.gbl...
Thanks Eliyahu,

This has been really helpful.

For this use would there be any problem generating our own certificate>

CMan

"Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
news:uU*************@TK2MSFTNGP09.phx.gbl...
Yes, you can make SSL connection between the database server and the
webserver if you install a SSL certificate on the database server.

Microsoft document "Building Secure ASP.NET Applications" is a good strating
point. Can be downloaded from

http://www.microsoft.com/downloads/d...C-BF9C6593F25E

Eliyahu

"CMan" <cm**@nospam.nospam> wrote in message
news:uP**************@TK2MSFTNGP11.phx.gbl...
> Thanks everyone,
>
> So we can make the connection to the database server over SSL? Or do
you
> just mean between the web server and browser?
> How do we set this up? Is it a simple SQL Server setting or win2000
network
> setting?
>
> How does SSL compare to using IPsec?
> Can this all be done securely through win2000 alone or is third
party > software required/preferred?
>
> Thanks in advance.
>
> CMan
>
>
>
>
>
>
>
> "Eliyahu Goldin" <re*************@monarchmed.com> wrote in message
> news:eQ**************@TK2MSFTNGP15.phx.gbl...
> > If you are in Microsoft environment, you need to publish your database out
> > on your local ISA server. You can allow external access from only one > > location, which is the webserver. The web server then would connect to
the
> > database server by the ISA IP address. If you are going to pass secure > data
> > between the web and database server, you will want to equip the

database
> > server with a SSL certificate.
> >
> > Eliyahu
> >
> > "CMan" <cm**@nospam.nospam> wrote in message
> > news:%2****************@TK2MSFTNGP12.phx.gbl...
> > > Hi ,
> > >
> > > We have a internal database application which we now need to update from
> a
> > > website hosted at an external site.
> > >
> > > We want users to be able to come to the website and see their
very > latest
> > > information. They should be able to update this data and submit

it to
a
> > > holding area before it is checked by an operator and the live

record > > > updated.
> > >
> > > What is the best and most secure way to achieve this scenario?
> > > How should the website be connected to the internal database?
> > >
> > > Thanks
> > >
> > > CMan
> > >
> > >
> >
> >
>
>



Nov 18 '05 #10

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

2 posts views Thread by Maria | last post: by
4 posts views Thread by Oyvind | last post: by
3 posts views Thread by Chua Wen Ching | last post: by
3 posts views Thread by phil cunningham | last post: by
17 posts views Thread by Mell via AccessMonster.com | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.