"Tony B" <tony.brough1234@1234blueyonder.co.uk> wrote in message
news:bk2ga6$cas$1@hercules.btinternet.com...
> Hi All
>
> I am a newbie with MS SQL. I am curently working on an application which
> uses MS Sql as the database. The application will be used by approx 5
users
> on the network, and the data will be available on the web via an asp.net
> application that allows clients to obtain read only access to the data.
>
> Rather than using MSDE or MS SQL locally on the network and updating the
> database that is provived by my ISP I thought it would be ideal and cost
> effective to use the database provided by my ISP and hence give a real
time
> reflection on the web site.
>
> I would be grateful if anybody could give me an idea of the security risks
> in using this method.
>
> TIA
>
> Regards
>
>
> Tony

"Bob Simms" <bob_simms@hotmail.com> wrote in message
news:cQ39b.3854$H21.3717@news-binary.blueyonder.co.uk...
> "Tony B" <tony.brough1234@1234blueyonder.co.uk> wrote in message
> news:bk2ga6$cas$1@hercules.btinternet.com...
> > Hi All
> >
> > I am a newbie with MS SQL. I am curently working on an application
which
> > uses MS Sql as the database. The application will be used by approx 5
> users
> > on the network, and the data will be available on the web via an asp.net
> > application that allows clients to obtain read only access to the data.
> >
> > Rather than using MSDE or MS SQL locally on the network and updating the
> > database that is provived by my ISP I thought it would be ideal and cost
> > effective to use the database provided by my ISP and hence give a real
> time
> > reflection on the web site.
> >
> > I would be grateful if anybody could give me an idea of the security
risks
> > in using this method.
> >
> > TIA
> >
> > Regards
> >
> >
> > Tony
>
> Normally it is not a good idea to put a db server on the internet
directly.
> The most secure way is to have a firewall that allows access from the net
to
> the Web server, and a different firewall between the web server and the
sql
> server. That way if the external firewall or the web server are
> compromised, people still can't access your database.
>
> You obviously must allow people access to your web server. If you put the
> database on the same server as your web server, then it makes it easier
for
> people to attempt to hack your database. If possible, you should ask your
> ISP to host your database on their internal network, and allow restricted
> access from the DMZ on which their web server is.
>
> If you do host it on the same server, do the usual things of putting a
> secure password on sysadmin users, and make sure any uploads and admin
> access to the server you do are encrypted. Also make sure port 1433 is
> closed on the firewall, to prevent people accessing SQL Server without
> having to go through ASP
>
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.516 / Virus Database: 313 - Release Date: 01/09/2003
>
>

"Tony B" <tony.brough1234@1234blueyonder.co.uk> wrote in message
news:bk2mm4$mui$1@titan.btinternet.com...
> Hi Bob
>
> thanks for the (prompt) reply.
>
> Just to clarify my first post, the Database is provided by my ISP and is I
> believe on a seperate server and behind a firewall and access is
restricted
> by username and password.
>
> The application would be run on a number of user boxes on my network,
which
> in turn are behind a firewall.
>
> My concen is how secure is the transmission of data via the broadband
> connection.
>
>
> Regards
>
> Tony