Greetings all,
I am a network security professional rather than a MS SQL admin, so I
apologize in advance if this is a bit of a basic question for this
list. I also cross-posted this to microsoft.publi c.sqlserver.ser ver,
so sorry if anyone's read it already.
I know an admin setting up a SQL server that will only be
accesible by a webserver running on the same host (not happy about
running private vs publicly avaialable services on the same host , but
it's what we've got). As such, I'd like to recommend to him that the
SQL server only listen on the localhost ip, 127.0.0.1, thereby making
it inaccesible to the outside world. I looked around the MS
knowledgebase but couldn't find a clear document stating how to do
this. Is it even possible? Is there a better option for this
configuration?
It's been suggested that firewalling is the only option, but I'd really
like to do *both* (firewall & bind to localhost). The firewall in this
case will have to be host-based instead (software) instead of hardware
for non-technical reasons, so additionally if anyone recommends a
software firewall they use for this purpose I'd appreciate it. My firs
impulse is to recommend Tiny, but I've never used a software firewall
for an MS SQL/Web server before.
Thanks,
Brian
2  5993 
One option is to disable network access completely, and use only shared
memory for access to MSSQL (this is how MSDE operates by default since
SP3), so only applications running on the same machine will be able to
access it. Although someone could still attack MSSQL by compromising
the web server, or using SQL injection.
MSSQL itself doesn't provide any way to accept connections from
specified hosts - you would normally use the operating system's IP
filtering functions to do that.
Simon
There isn't a way to have sql server listen on a specific ip. Sorry.
If you haven't already seen this, take a look at the Network
Configuration dialog on the general tab of the server's properties.
Two protocols are enabled by default. TCPIP is one of them, and you
can change the port and set it to ignore discovery broadcasts. That
would make the server invisible to anyone looking for it. However,
anyone who portscans the server would notice whatever port you put it
on and (I'd assume) be able to figure out that it's a SQL Server. So,
you do still need to firewall it.
The other protocol is called Named Pipes. That's basically using
memory to communicate. If the application you're developing supports
it, I'd suggest using this and turning off TCPIP support altogether.
This is probably faster anyway.
Chris
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Omar |
last post by:
When I try to databind my comboBox (specifically field "emplcode") to a
filled dataset , the contents of the comboBox displays a bunch of
"System.Data.DataRowView". I assume the amount of times
"System.Data.DataR..." is displayed inside the combobox is the amount of
records in the dataset. On the other hand, if my query is "select emplcode
from payemployee", the databind will work fine (but I don't want to limit
the dataset to one field)....
|
by: reiks |
last post by:
Do we any computed column for the datagrid?
Do we any expression property for the datagrid columns?
My requirement is I ought to bind the following expression
at design time
if(au_lname=="",' ',"hi"+au_lname)
Is it possible to do so?
|
by: Binod Nair |
last post by:
Hi All,
This is what I am trying to do.I have an aspx page with the the following
code block.
<asp:DropDownList id="DropDownList1" runat="server" DataSource="<%#
GetUsers%>" DataTextField="user_email" DataValueField="user_id">
</asp:DropDownList>
GetUsers is defined in the .vb file
|
by: Jordan |
last post by:
I'm curious if the whole point of Repeaters/Data Lists/Grids is
encapsulating additional functionality like add/update/edit/deletes, but
really does not provide any benefits when it comes to simply displaying
information.
For example, if I wanted ONLY to show information (not edit/adds/etc) in a
format that is similar, but has customized text (ex. make this word a link
if the quantity is > 0). Which of these methods would be better, if...
|
by: AC [MVP MCMS] |
last post by:
I have a full blown VS.NET 2003 solution with a handful of library
assemblies, two web projects, and a few web service projects. The
entire solution is in VSS. Recently our build server went haywire and
the best solution was to blow away everything on the build server
related to this solution (both filebase and virtual directories hanging
off the default website).
I recreated the shell of our solution's web projects...
| | |
by: google |
last post by:
I have created a simple HelloWorld application in WSE2.0 SP3.
When I browse to the endpoint url over http (e.g.
http://localhost/TestService.ashx) the WSDL is fine and I can create a
client proxy and call into the service. Examining the WSDL shows the
transport attribute is populated...
<wsdl:binding name="TestServiceBinding" type="tns:TestServicePortType">
<soap:binding transport="http://schemas.xmlsoap.org/soap/http"...
|
by: Steven Bolard |
last post by:
Hello,
I am trying to port my .net 1.1 application to 2.0. I am using vs2005. I am
trying to get my webservices to run and although i can compile them and and
get wsdl and service descriptions through internet explorer when hitting the
..asmx url, i cannot generate a proxy class to use in my winforms assembly.
When i try to generate a proxy, i get no error message but nor do i get a
reference.vb so there is no type info. If i then try...
|
by: sugapablo |
last post by:
Here's my code:
<?php
$mysqli = new mysqli("localhost", "****", "********", "***********");
$idNum = "1030";
$sql = "select id,email from users where id ?;";
$stmt = $mysqli->prepare($sql);
$stmt->bind_param('s', $idNum);
|
by: Nicolas Caron |
last post by:
I can't import this wsdl file in wsdl.exe. Does anybody know why?
<?xml version="1.0" encoding="utf-8" ?>
- <definitions xmlns="http://schemas.xmlsoap.org/wsdl/"
xmlns:xs="http://www.w3.org/2001/XMLSchema" name="Iboubouservice"
targetNamespace="http://tempuri.org/" xmlns:tns="http://tempuri.org/"
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
| | |
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| | |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
