Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Security: ASP.Net + SQL Server DNZ

Thread Tools

Security: ASP.Net + SQL Server DNZ

Tushar Karsan
Posts: n/a
(Been reading other messages on this subject but could not find an answer,
that is why I'm posting this. Please note, although I have posted to several
groups, I've set follow-to in case I
posted to where I shouldn't have, sorry if I have).

I am woking on an ASP.Net app that will be in the DMZ and SQL Server will be
behind the firewall inside a secure zone. It seems as though there are two
possible methods of securing the DB:

1. Using integrated security.
a. This will use Win2K challege response machamism and hence passwords and
user-id's would not need to be handled in the web app.
b. This probably means that both ASP.Net and DB would have to be on the same
windows domain.

2. Using SQL Server security (do not know if it is the right name)
a. Connection-string will need to include both uid and pwd.
b. For security reasons, connection-string will need to be stored away from
the app in a secure place, probably encrypted.
c. At runtime the connection-string will need retrieving and decrypting and
passed as clear text to Open() method on connection.

It seems as though 2c makes it less secure if network is spoofed hence
method 1 seems to be the better option, is that correct? If so, port 1433
would need to be opened between the DMZ to DB zone, in that direction, is
that correct?

Any other pointers or suggestions will be much appreciated.


Reply With Quote

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Help. Getting a An error has occurred while establishing a connectionto the server. When connecting to SQL Server 2005, this failure may be causedby the fact that under the default settings SQL Server does not allow remote ASP .Net 0 05-03-2008 12:43 PM
Do the Self-Paced Training Kits: Microsoft SQL Server 2000 include Eval copy of SQL Server? Brian Whiting Microsoft Certification 2 12-29-2005 04:24 AM
sql server express vs sql server 2000 code Daves ASP .Net 1 06-13-2005 12:24 PM
Can't connect to SQL Server, using Windows Authentication users of SQL server? help =?Utf-8?B?UmV6YQ==?= ASP .Net 3 06-07-2004 06:42 PM
Security: ASP.Net + SQL Server DNZ Tushar Karsan ASP .Net 0 07-18-2003 02:51 PM