Need client-server architecture reference

  • Question

  • Hello

     

    We are designing the architecture for a Windows client application using MS SQL Server as the data store. The Windows client will be installed on customers' machines. The data is to be stored on our side and will be transferred to the client via the Internet.

    In my understanding, it is not secure to allow direct access to the database via the Internet, and we should have some web-service layer in order to hide the database structure, limit the set of allowed operations on the data, perform some basic authorization, etc.

    But my boss does not seem to understand the full importance of these security needs. Could you please advise me on some official guidance or reference addressing the security of such an architecture?

     

    Thanks in advance!

    Tuesday, September 22, 2009 8:10 PM

All replies

  • The "simple" answer to this, which you can use to discuss with management, is pretty much as follows:

    If you have a client program communicate directly to the database, then you need to do a couple of things.

    1) The database will be publicly facing.  This opens it up to direct communication from the outside world.  Proper security will do a lot here, but it still opens it up to brute force attacks, DoS, etc.
    2) The client will have the authentication required to connect to the database.  In conjunction with point 1, this means that any invalid use of the client (i.e. reverse engineering) could potentially provide the authentication required to connect to the database directly.  This also makes it more difficult to change the database's security if there's a break in your security, since it will break clients.  (Unless the user is directly authenticating, which opens up more maintenance issues.)

    Providing a service in between the DB and the client does the following:

    1) Changes it so only your service, under your control, can access the database.
    2) Provides a layer of security by having your service authenticate any data requests.  SQL Injection, for example, can be filtered out in the server prior to being sent to the DB.
    3) Provides a level of control, since you can expose specific functionality via the server, and prevent any other requests.

    As for understanding the importance: it really depends on what type of data is being stored in the server.  If an abusive person gets access to the database, any sensitive information will become public (very bad) and any data could be removed/deleted/corrupted at any time.



    Reed Copsey, Jr. - http://reedcopsey.com
    Tuesday, September 22, 2009 8:44 PM
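As an added illustration of the service-layer pattern described in the reply above (example code written for this page, not code from the thread or from any Microsoft product), the following sketch shows the three properties the answer lists: only the service holds the database connection, every request is authenticated before any query runs, and clients can only ask for named operations from an allow-list, with all values bound as query parameters rather than concatenated into SQL. An in-memory SQLite database stands in for the SQL Server described in the question, and the `accounts` table, the `API_TOKENS` map and the operation names are constructed assumptions for the example.

```python
import hmac
import sqlite3


def build_store():
    """Constructed sample data: an in-memory SQLite DB stands in for the page's SQL Server."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT, balance INTEGER)")
    conn.executemany(
        "INSERT INTO accounts(owner, balance) VALUES (?, ?)",
        [("alice", 100), ("bob", 250)],
    )
    conn.commit()
    return conn


# Hypothetical API tokens issued to client installs. The client holds one of
# these, never a database login, so revoking a client never requires touching
# the database's own security (the point made in the reply's item 2).
API_TOKENS = {"token-alice": "alice", "token-bob": "bob"}


class ServiceError(Exception):
    """Raised for any request the service refuses."""


class DataService:
    """Service layer that owns the DB connection and exposes only named operations."""

    def __init__(self, conn):
        self._conn = conn  # the only place a database handle exists
        # Explicit allow-list: the client cannot send SQL, only one of these names.
        self._operations = {
            "get_balance": self._get_balance,
            "deposit": self._deposit,
            "lookup": self._lookup,
        }

    def handle(self, token, operation, params):
        """Entry point for a client request: authenticate, then dispatch."""
        owner = self._authenticate(token)
        handler = self._operations.get(operation)
        if handler is None:
            raise ServiceError(f"operation not allowed: {operation}")
        return handler(owner, params)

    def _authenticate(self, token):
        # Constant-time comparison against each known token; unknown tokens are rejected
        # before any database work happens.
        for known, owner in API_TOKENS.items():
            if hmac.compare_digest(known, token):
                return owner
        raise ServiceError("unauthenticated")

    def _get_balance(self, owner, params):
        # The owner comes from the authenticated token, not from the request body,
        # so a client can only read its own row.
        row = self._conn.execute(
            "SELECT balance FROM accounts WHERE owner = ?", (owner,)
        ).fetchone()
        return row[0]

    def _deposit(self, owner, params):
        # Input validation in the service, before the value reaches the database.
        amount = params.get("amount")
        if not isinstance(amount, int) or amount <= 0:
            raise ServiceError("invalid amount")
        self._conn.execute(
            "UPDATE accounts SET balance = balance + ? WHERE owner = ?", (amount, owner)
        )
        self._conn.commit()
        return self._get_balance(owner, params)

    def _lookup(self, owner, params):
        # A client-supplied string is bound as a parameter, so it is only ever
        # compared as data; it cannot change the shape of the query.
        row = self._conn.execute(
            "SELECT balance FROM accounts WHERE owner = ?", (params.get("owner"),)
        ).fetchone()
        return row[0] if row else None


if __name__ == "__main__":
    svc = DataService(build_store())
    print(svc.handle("token-alice", "get_balance", {}))
    print(svc.handle("token-alice", "deposit", {"amount": 50}))
```

The useful comparison is with the direct-connection design from the question: there, the client would carry a SQL login and could issue any statement the login permits, and a compromised client would have to be answered by changing that login for every install. Here a leaked token is revoked by deleting one map entry, and the worst a client can request is one of the three listed operations.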