I have an application which runs in many different stores. Stores
that are within a chain want to be able to share their client lists.
I want to implement a sync process where each application would ping a
central server every 5-10 mins to check for changes made by any other
store to the client list, if any changes are made it would download
the new or modified clients then upload any clients that were modified
localy. I want the stores to ping for changes, I don't want to try to
implement some kind of real time system where there changes would
always be stored directly on the server as they make them.
My application uses MSDE so I was thinking about just throwing MSDE on
a central server that all the other computers could access over an
internet connection and keeping a master client list in this database.
The applications in each store would connect directy to MSDE to send
and get the data needed. My question is, how secure would it be to
open up my sql server port to the internet so each store could connect
to it? Is it enough to set a user account for the database and set a
SA password? If not, what else do I need to do? Also, I know it is
possible to set the SA password to blank with a simple query, so
doesn't this mean that SQL Server would not be secure at all even if I
set a password for user SA?
How can I do this and keep it secure? Or is there a better overall
approach to doing this?
Thanks.