SQL Server 2005 Internet security

  • Question

  • I need to set up a SQL Server 2005 database for access from the internet. There will be an application that will have a specific connection string and is only installed at certain locations. VPN is out because of the requirements, so my only recourse is to allow access from the internet. I am looking for additional information on setting up the server so I do not miss anything.

     

    So far I plan to include: set a SQL login for the access and restrict it to one database, set up an SSL certificate, add a different port to listen on, open up the firewall for that port, set encryption on. Anything that I am missing?

    Tuesday, November 11, 2008 5:45 PM

Answers

  • Well, changing the port numbers will just keep the low-brainer script kiddies away. Make sure that you block DoS attacks at your firewalls. Make sure that you disable the sa account, as it is known to anyone who has ever been in touch with SQL Server. Make sure that you do not expose your database to SQL injection attacks by checking your business logic. If you have already built and developed your database, make sure you do not expose more objects than needed; if you are starting the development, make sure you encapsulate your business logic in stored procedures, not allowing access to the base tables.

     

    Jens K. Suessmeyer

     

    Tuesday, November 11, 2008 8:21 PM
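
The steps named in the question and answer above (disable sa, one SQL login restricted to one database, stored procedures instead of base-table access, encryption on), written out in T-SQL as an added example that is not part of the original thread. The database SiteData, login site_app, schema app and table dbo.Orders are hypothetical names, and the password is a placeholder to replace before running.

```sql
-- Added example; SiteData, site_app, app and dbo.Orders are hypothetical names.
USE master;
GO
-- sa is a login name known to anyone familiar with SQL Server; disable it.
ALTER LOGIN sa DISABLE;
GO
-- Dedicated SQL login for the remote application (placeholder password, replace it).
CREATE LOGIN site_app
    WITH PASSWORD = '<REPLACE-with-a-long-random-password-1>',
         CHECK_POLICY = ON,
         DEFAULT_DATABASE = SiteData;
GO
USE SiteData;
GO
-- Map the login to a user in this one database only; no server or database roles.
CREATE USER site_app FOR LOGIN site_app;
GO
-- Constructed sample table standing in for the application's base tables.
CREATE TABLE dbo.Orders (OrderId int PRIMARY KEY, CustomerName nvarchar(100), OrderDate datetime);
GO
-- Schema that holds only the procedures the application is allowed to call.
CREATE SCHEMA app AUTHORIZATION dbo;
GO
CREATE PROCEDURE app.GetOrder @OrderId int
AS
BEGIN
    SET NOCOUNT ON;
    -- Static, parameterised query: the input is never concatenated into SQL text.
    SELECT OrderId, CustomerName, OrderDate
    FROM dbo.Orders
    WHERE OrderId = @OrderId;
END;
GO
-- EXECUTE on the procedure schema only. Ownership chaining (dbo owns both the
-- schema and the table) lets the procedure read dbo.Orders without a table grant.
GRANT EXECUTE ON SCHEMA::app TO site_app;
GO
-- Review what the application user can actually do.
EXECUTE AS USER = 'site_app';
SELECT permission_name FROM sys.fn_my_permissions(NULL, 'DATABASE');
SELECT permission_name FROM sys.fn_my_permissions('dbo.Orders', 'OBJECT'); -- direct table rights (none granted above)
REVERT;
GO
-- Check that current connections are encrypted (needs VIEW SERVER STATE).
SELECT session_id, net_transport, encrypt_option, client_net_address
FROM sys.dm_exec_connections;
```
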

All replies

  • Thanks, I am not in charge of the coding on this one, just the infrastructure. I will be locking this server down as tight as possible.

     

    I just want to make sure I have not missed anything on the network side as well as the security setup.

     

     

    Tuesday, November 11, 2008 11:38 PM