Ask a Question related to ASP.NET Security, Design and Development.
-
CMan #1
Access to internal database
Hi ,
We have a internal database application which we now need to update from a
website hosted at an external site.
We want users to be able to come to the website and see their very latest
information. They should be able to update this data and submit it to a
holding area before it is checked by an operator and the live record
updated.
What is the best and most secure way to achieve this scenario?
How should the website be connected to the internal database?
Thanks
CMan
CMan Guest
-
Web Services - Internal Access Modifier
How can I set the access modifier of my web references to internal. By default, a web reference has a public reference modifier. It constituts a... -
Access Database with ASP
I'm new to using Flash with a database, but I need to set up a Flash application that will access data in my MS Access database. I would be using... -
How to use MS Access Database
ntsiii, I tried downloading your link to your example file and can't find it. Can you please repost? Thanks in advance. -
Access is denied. / HTTP 500 – Internal server error
Hi, Looking for what I changed and how to correct. I have a Windows 2003 Sever that I have had running fine several .NET websites for over a... -
Write Access to Access DataBase
I'm trying to update a Access Database from information gained from a ASPX page. The database will not update. I'm sure it is in some security... -
Cowboy (Gregory A. Beamer) - MVP #2 RE: Access to internal database
The most secure is to set up each "user" as an NT account and force login.
This can end up as a maintenance nightmare, however. Outside of this, you
will have to create some form of security account table for each user of the
system. You can set up an admin role and user roles and have the admin for a
particular company control the user's access. That will take some of the
maintenance off your back. You will have to add these new tables (account,
role, etc.) to your database or a separate security database.
All db access should be done through stored procedures, if possible, as that
adds a security layer over ad hoc queries against tables. A "hacker" will
only have access to the data retrieved, updated, etc., by a procedure, which
you have control over. This is not possible with all types of databases.
---
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA
***************************
Think Outside the Box!
***************************
"CMan" wrote:
> Hi ,
>
> We have a internal database application which we now need to update from a
> website hosted at an external site.
>
> We want users to be able to come to the website and see their very latest
> information. They should be able to update this data and submit it to a
> holding area before it is checked by an operator and the live record
> updated.
>
> What is the best and most secure way to achieve this scenario?
> How should the website be connected to the internal database?
>
> Thanks
>
> CMan
>
>
>Cowboy (Gregory A. Beamer) - MVP Guest
-
Eliyahu Goldin #3 Re: Access to internal database
If you are in Microsoft environment, you need to publish your database out
on your local ISA server. You can allow external access from only one
location, which is the webserver. The web server then would connect to the
database server by the ISA IP address. If you are going to pass secure data
between the web and database server, you will want to equip the database
server with a SSL certificate.
Eliyahu
"CMan" <cman@nospam.nospam> wrote in message
news:%23WG3iInxEHA.3376@TK2MSFTNGP12.phx.gbl...> Hi ,
>
> We have a internal database application which we now need to update from a
> website hosted at an external site.
>
> We want users to be able to come to the website and see their very latest
> information. They should be able to update this data and submit it to a
> holding area before it is checked by an operator and the live record
> updated.
>
> What is the best and most secure way to achieve this scenario?
> How should the website be connected to the internal database?
>
> Thanks
>
> CMan
>
>
Eliyahu Goldin Guest
-
chanmmn #4 Re: Access to internal database
[url]http://msdn.microsoft.com/architecture/application/default.aspx[/url]
chanmm
"CMan" <cman@nospam.nospam> wrote in message
news:%23WG3iInxEHA.3376@TK2MSFTNGP12.phx.gbl...> Hi ,
>
> We have a internal database application which we now need to update from a
> website hosted at an external site.
>
> We want users to be able to come to the website and see their very latest
> information. They should be able to update this data and submit it to a
> holding area before it is checked by an operator and the live record
> updated.
>
> What is the best and most secure way to achieve this scenario?
> How should the website be connected to the internal database?
>
> Thanks
>
> CMan
>
>
chanmmn Guest
-
CMan #5 Re: Access to internal database
Thanks everyone,
So we can make the connection to the database server over SSL? Or do you
just mean between the web server and browser?
How do we set this up? Is it a simple SQL Server setting or win2000 network
setting?
How does SSL compare to using IPsec?
Can this all be done securely through win2000 alone or is third party
software required/preferred?
Thanks in advance.
CMan
"Eliyahu Goldin" <removemeegoldin@monarchmed.com> wrote in message
news:eQLKiRnxEHA.2012@TK2MSFTNGP15.phx.gbl...data> If you are in Microsoft environment, you need to publish your database out
> on your local ISA server. You can allow external access from only one
> location, which is the webserver. The web server then would connect to the
> database server by the ISA IP address. If you are going to pass securea> between the web and database server, you will want to equip the database
> server with a SSL certificate.
>
> Eliyahu
>
> "CMan" <cman@nospam.nospam> wrote in message
> news:%23WG3iInxEHA.3376@TK2MSFTNGP12.phx.gbl...> > Hi ,
> >
> > We have a internal database application which we now need to update fromlatest> > website hosted at an external site.
> >
> > We want users to be able to come to the website and see their very>> > information. They should be able to update this data and submit it to a
> > holding area before it is checked by an operator and the live record
> > updated.
> >
> > What is the best and most secure way to achieve this scenario?
> > How should the website be connected to the internal database?
> >
> > Thanks
> >
> > CMan
> >
> >
>
CMan Guest
-
Eliyahu Goldin #6 Re: Access to internal database
Yes, you can make SSL connection between the database server and the
webserver if you install a SSL certificate on the database server.
Microsoft document "Building Secure ASP.NET Applications" is a good strating
point. Can be downloaded from
[url]http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=055FF772-97FE-41B8-A58C-BF9C6593F25E[/url]
Eliyahu
"CMan" <cman@nospam.nospam> wrote in message
news:uPvGRlxxEHA.1400@TK2MSFTNGP11.phx.gbl...network> Thanks everyone,
>
> So we can make the connection to the database server over SSL? Or do you
> just mean between the web server and browser?
> How do we set this up? Is it a simple SQL Server setting or win2000out> setting?
>
> How does SSL compare to using IPsec?
> Can this all be done securely through win2000 alone or is third party
> software required/preferred?
>
> Thanks in advance.
>
> CMan
>
>
>
>
>
>
>
> "Eliyahu Goldin" <removemeegoldin@monarchmed.com> wrote in message
> news:eQLKiRnxEHA.2012@TK2MSFTNGP15.phx.gbl...> > If you are in Microsoft environment, you need to publish your databasethe> > on your local ISA server. You can allow external access from only one
> > location, which is the webserver. The web server then would connect tofrom> data> > database server by the ISA IP address. If you are going to pass secure> > between the web and database server, you will want to equip the database
> > server with a SSL certificate.
> >
> > Eliyahu
> >
> > "CMan" <cman@nospam.nospam> wrote in message
> > news:%23WG3iInxEHA.3376@TK2MSFTNGP12.phx.gbl...> > > Hi ,
> > >
> > > We have a internal database application which we now need to updatea> a> latest> > > website hosted at an external site.
> > >
> > > We want users to be able to come to the website and see their very> > > information. They should be able to update this data and submit it to>> >> > > holding area before it is checked by an operator and the live record
> > > updated.
> > >
> > > What is the best and most secure way to achieve this scenario?
> > > How should the website be connected to the internal database?
> > >
> > > Thanks
> > >
> > > CMan
> > >
> > >
> >
>
Eliyahu Goldin Guest
-
CMan #7 Re: Access to internal database
Thanks Eliyahu,
This has been really helpful.
For this use would there be any problem generating our own certificate>
CMan
"Eliyahu Goldin" <removemeegoldin@monarchmed.com> wrote in message
news:uU4Rh9xxEHA.484@TK2MSFTNGP09.phx.gbl...strating> Yes, you can make SSL connection between the database server and the
> webserver if you install a SSL certificate on the database server.
>
> Microsoft document "Building Secure ASP.NET Applications" is a good[url]http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=055FF772-97FE-41B8-A58C-BF9C6593F25E[/url]> point. Can be downloaded from
>you>
> Eliyahu
>
> "CMan" <cman@nospam.nospam> wrote in message
> news:uPvGRlxxEHA.1400@TK2MSFTNGP11.phx.gbl...> > Thanks everyone,
> >
> > So we can make the connection to the database server over SSL? Or dodatabase> network> > just mean between the web server and browser?
> > How do we set this up? Is it a simple SQL Server setting or win2000> out> > setting?
> >
> > How does SSL compare to using IPsec?
> > Can this all be done securely through win2000 alone or is third party
> > software required/preferred?
> >
> > Thanks in advance.
> >
> > CMan
> >
> >
> >
> >
> >
> >
> >
> > "Eliyahu Goldin" <removemeegoldin@monarchmed.com> wrote in message
> > news:eQLKiRnxEHA.2012@TK2MSFTNGP15.phx.gbl...> > > If you are in Microsoft environment, you need to publish your database> the> > > on your local ISA server. You can allow external access from only one
> > > location, which is the webserver. The web server then would connect to> > data> > > database server by the ISA IP address. If you are going to pass secure> > > between the web and database server, you will want to equip theto> from> > > server with a SSL certificate.
> > >
> > > Eliyahu
> > >
> > > "CMan" <cman@nospam.nospam> wrote in message
> > > news:%23WG3iInxEHA.3376@TK2MSFTNGP12.phx.gbl...
> > > > Hi ,
> > > >
> > > > We have a internal database application which we now need to update> > a> > latest> > > > website hosted at an external site.
> > > >
> > > > We want users to be able to come to the website and see their very> > > > information. They should be able to update this data and submit it> a>> >> > > > holding area before it is checked by an operator and the live record
> > > > updated.
> > > >
> > > > What is the best and most secure way to achieve this scenario?
> > > > How should the website be connected to the internal database?
> > > >
> > > > Thanks
> > > >
> > > > CMan
> > > >
> > > >
> > >
> > >
> >
>
CMan Guest
-
Eliyahu Goldin #8 Re: Access to internal database
Theoretically there should not be any problem. Never did it myself though.
Eliyahu
"CMan" <cman@nospam.nospam> wrote in message
news:%23j7vKt%23xEHA.2876@TK2MSFTNGP12.phx.gbl...[url]http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=055FF772-97FE-41B8-A58C-BF9C6593F25E[/url]> Thanks Eliyahu,
>
> This has been really helpful.
>
> For this use would there be any problem generating our own certificate>
>
> CMan
>
>
>
> "Eliyahu Goldin" <removemeegoldin@monarchmed.com> wrote in message
> news:uU4Rh9xxEHA.484@TK2MSFTNGP09.phx.gbl...> strating> > Yes, you can make SSL connection between the database server and the
> > webserver if you install a SSL certificate on the database server.
> >
> > Microsoft document "Building Secure ASP.NET Applications" is a good>> > point. Can be downloaded from
> >database> you> >
> > Eliyahu
> >
> > "CMan" <cman@nospam.nospam> wrote in message
> > news:uPvGRlxxEHA.1400@TK2MSFTNGP11.phx.gbl...> > > Thanks everyone,
> > >
> > > So we can make the connection to the database server over SSL? Or do> > network> > > just mean between the web server and browser?
> > > How do we set this up? Is it a simple SQL Server setting or win2000> > > setting?
> > >
> > > How does SSL compare to using IPsec?
> > > Can this all be done securely through win2000 alone or is third party
> > > software required/preferred?
> > >
> > > Thanks in advance.
> > >
> > > CMan
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > "Eliyahu Goldin" <removemeegoldin@monarchmed.com> wrote in message
> > > news:eQLKiRnxEHA.2012@TK2MSFTNGP15.phx.gbl...
> > > > If you are in Microsoft environment, you need to publish yourone> > out> > > > on your local ISA server. You can allow external access from onlyto> > > > location, which is the webserver. The web server then would connectsecure> > the> > > > database server by the ISA IP address. If you are going to passupdate> database> > > data
> > > > between the web and database server, you will want to equip the> > > > server with a SSL certificate.
> > > >
> > > > Eliyahu
> > > >
> > > > "CMan" <cman@nospam.nospam> wrote in message
> > > > news:%23WG3iInxEHA.3376@TK2MSFTNGP12.phx.gbl...
> > > > > Hi ,
> > > > >
> > > > > We have a internal database application which we now need torecord> to> > from> > > a
> > > > > website hosted at an external site.
> > > > >
> > > > > We want users to be able to come to the website and see their very
> > > latest
> > > > > information. They should be able to update this data and submit it> > a> > > > > holding area before it is checked by an operator and the live>> >> > > > > updated.
> > > > >
> > > > > What is the best and most secure way to achieve this scenario?
> > > > > How should the website be connected to the internal database?
> > > > >
> > > > > Thanks
> > > > >
> > > > > CMan
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
>
Eliyahu Goldin Guest
-
CMan #9 Re: Access to internal database
Thanks.
"Eliyahu Goldin" <removemeegoldin@monarchmed.com> wrote in message
news:u$oZkG$xEHA.2012@TK2MSFTNGP15.phx.gbl...[url]http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=055FF772-97FE-41B8-A58C-BF9C6593F25E[/url]> Theoretically there should not be any problem. Never did it myself though.
>
> Eliyahu
>
> "CMan" <cman@nospam.nospam> wrote in message
> news:%23j7vKt%23xEHA.2876@TK2MSFTNGP12.phx.gbl...>> > Thanks Eliyahu,
> >
> > This has been really helpful.
> >
> > For this use would there be any problem generating our own certificate>
> >
> > CMan
> >
> >
> >
> > "Eliyahu Goldin" <removemeegoldin@monarchmed.com> wrote in message
> > news:uU4Rh9xxEHA.484@TK2MSFTNGP09.phx.gbl...> > strating> > > Yes, you can make SSL connection between the database server and the
> > > webserver if you install a SSL certificate on the database server.
> > >
> > > Microsoft document "Building Secure ASP.NET Applications" is a good> >> > > point. Can be downloaded from
> > >do> > >
> > > Eliyahu
> > >
> > > "CMan" <cman@nospam.nospam> wrote in message
> > > news:uPvGRlxxEHA.1400@TK2MSFTNGP11.phx.gbl...
> > > > Thanks everyone,
> > > >
> > > > So we can make the connection to the database server over SSL? Orparty> > you> > > > just mean between the web server and browser?
> > > > How do we set this up? Is it a simple SQL Server setting or win2000
> > > network
> > > > setting?
> > > >
> > > > How does SSL compare to using IPsec?
> > > > Can this all be done securely through win2000 alone or is thirdconnect> database> > > > software required/preferred?
> > > >
> > > > Thanks in advance.
> > > >
> > > > CMan
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > "Eliyahu Goldin" <removemeegoldin@monarchmed.com> wrote in message
> > > > news:eQLKiRnxEHA.2012@TK2MSFTNGP15.phx.gbl...
> > > > > If you are in Microsoft environment, you need to publish your> one> > > out
> > > > > on your local ISA server. You can allow external access from only> > > > > location, which is the webserver. The web server then wouldvery> to> secure> > > the
> > > > > database server by the ISA IP address. If you are going to pass> update> > database> > > > data
> > > > > between the web and database server, you will want to equip the> > > > > server with a SSL certificate.
> > > > >
> > > > > Eliyahu
> > > > >
> > > > > "CMan" <cman@nospam.nospam> wrote in message
> > > > > news:%23WG3iInxEHA.3376@TK2MSFTNGP12.phx.gbl...
> > > > > > Hi ,
> > > > > >
> > > > > > We have a internal database application which we now need to> > > from
> > > > a
> > > > > > website hosted at an external site.
> > > > > >
> > > > > > We want users to be able to come to the website and see theirit> > > > latest
> > > > > > information. They should be able to update this data and submit> record> > to> > > a
> > > > > > holding area before it is checked by an operator and the live>> >> > > > > > updated.
> > > > > >
> > > > > > What is the best and most secure way to achieve this scenario?
> > > > > > How should the website be connected to the internal database?
> > > > > >
> > > > > > Thanks
> > > > > >
> > > > > > CMan
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
>
CMan Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
