Can someone point me to, if its possible, a means of allowing access to an
MSDE database over the internet?
I suspect it will involve a static IP address at the host, opening a port in
the firewall, and use of NAT?
a static IP address at the host (thats when the SQL Server is reachable over
the internet in the DMZ) OR opening a port in the firewall, and use of NAT?
Thats when an option when your SQL Server is located in your LAN and
tunneled through NAT (and perhaps port translation). The sense of that would
be to use the Server for your internet application. But therefore the last
option would be preferable whereas a firewall would only allow the Web
Server (which could possibe host your application) to request data.
HTH, Jens Suessmeyer.
http://www.sqlserver2005.de
"mikeb" <mike@.nohostanywhere.com> schrieb im Newsbeitrag
news:eHI$yPmZFHA.1868@.TK2MSFTNGP14.phx.gbl...
> Can someone point me to, if its possible, a means of allowing access to an
> MSDE database over the internet?
> I suspect it will involve a static IP address at the host, opening a port
> in the firewall, and use of NAT?
>
|||I'm not sure I follow.
I have a PC app (actually a mobile PC app using Windows Mobile) that needs
to access a database in another factory. I was thinking of opening the
database to access via the internet (securely as possible) so that the app
could access this remote database.
I'm finding quite a few messages about people doing it, but I've still not
found how.
?
thx.
"Jens Smeyer" <Jens@.Remove_this_For_Contacting.sqlserver2005.de> wrote in
message news:%23c4KRnmZFHA.1412@.TK2MSFTNGP12.phx.gbl...
>a static IP address at the host (thats when the SQL Server is reachable
>over the internet in the DMZ) OR opening a port in the firewall, and use of
>NAT? Thats when an option when your SQL Server is located in your LAN and
>tunneled through NAT (and perhaps port translation). The sense of that
>would be to use the Server for your internet application. But therefore the
>last option would be preferable whereas a firewall would only allow the Web
>Server (which could possibe host your application) to request data.
> --
> HTH, Jens Suessmeyer.
> --
> http://www.sqlserver2005.de
> --
> "mikeb" <mike@.nohostanywhere.com> schrieb im Newsbeitrag
> news:eHI$yPmZFHA.1868@.TK2MSFTNGP14.phx.gbl...
>
|||I would use something more reliable than just opening a port in the
firewall, something like a VPN, that more secure than doing just a NATing.
HTH, Jens Suessmeyer.
http://www.sqlserver2005.de
"mikeb" <mike@.nohostanywhere.com> schrieb im Newsbeitrag
news:e0HWDXrZFHA.464@.TK2MSFTNGP15.phx.gbl...
> I'm not sure I follow.
> I have a PC app (actually a mobile PC app using Windows Mobile) that needs
> to access a database in another factory. I was thinking of opening the
> database to access via the internet (securely as possible) so that the app
> could access this remote database.
> I'm finding quite a few messages about people doing it, but I've still not
> found how.
> ?
> thx.
> "Jens Smeyer" <Jens@.Remove_this_For_Contacting.sqlserver2005.de> wrote
> in message news:%23c4KRnmZFHA.1412@.TK2MSFTNGP12.phx.gbl...
>
|||Thanks Jens,
Before I go down that route - I'm just curious - how unsecure is opening a
port to allow this type of access? The factory that I'm setting this up for
is small, and I'm not sure that they will afford a Windows Server to setup
VPN. I'm going to check it out with them, but I dont' think that will work.
If so, and opening a port isn't viable, we may have to resort to the old
fassioned way of using modems.
I'm very willing to continue my research - please feel free to point me
elsewhere as it sounds like maybe this topic is becoming out of scope for
this group. ?
"Jens Smeyer" <Jens@.Remove_this_For_Contacting.sqlserver2005.de> wrote in
message news:uNyRnbrZFHA.3568@.TK2MSFTNGP10.phx.gbl...
>I would use something more reliable than just opening a port in the
>firewall, something like a VPN, that more secure than doing just a NATing.
> --
> HTH, Jens Suessmeyer.
> --
> http://www.sqlserver2005.de
> --
> "mikeb" <mike@.nohostanywhere.com> schrieb im Newsbeitrag
> news:e0HWDXrZFHA.464@.TK2MSFTNGP15.phx.gbl...
>
|||hi,
mikeb wrote:
> Thanks Jens,
> Before I go down that route - I'm just curious - how unsecure is
> opening a port to allow this type of access? The factory that I'm
> setting this up for is small, and I'm not sure that they will afford
> a Windows Server to setup VPN. I'm going to check it out with them,
> but I dont' think that will work. If so, and opening a port isn't
> viable, we may have to resort to the old fassioned way of using
> modems.
> I'm very willing to continue my research - please feel free to point
> me elsewhere as it sounds like maybe this topic is becoming out of
> scope for this group. ?
>
personally I'd never directly expose the database server on the Internet
that way... you are claiming for troubles :D
Jens already exposed the "classical" ways to protect you data, and doing
your way you are bypassing them all..
hope your customers will want to pay for their own security..
Andrea Montanari (Microsoft MVP - SQL Server)
http://www.asql.biz/DbaMgr.shtmhttp://italy.mvps.org
DbaMgr2k ver 0.12.0 - DbaMgr ver 0.58.0
(my vb6+sql-dmo little try to provide MS MSDE 1.0 and MSDE 2000 a visual
interface)
-- remove DMO to reply
|||My way? ack. No, really, I'm ignorant to this - I was just throwing out
my initial ideas.
So VPN is the best way to go then? Now I need to go find out some more info
on VPN.
Always open to further suggestion. or things to watch for.
I am curious, what are some of the fallbacks to using VPN for
SQLserver(msde) access? will the factory lose any other features of their
network use? I'll go check out a server or vpn group now too.
Thanks,
-m
"Andrea Montanari" <andrea.sqlDMO@.virgilio.it> wrote in message
news:3g64bsFabhp0U1@.individual.net...
> hi,
> mikeb wrote:
> personally I'd never directly expose the database server on the Internet
> that way... you are claiming for troubles :D
> Jens already exposed the "classical" ways to protect you data, and doing
> your way you are bypassing them all..
> hope your customers will want to pay for their own security..
> --
> Andrea Montanari (Microsoft MVP - SQL Server)
> http://www.asql.biz/DbaMgr.shtmhttp://italy.mvps.org
> DbaMgr2k ver 0.12.0 - DbaMgr ver 0.58.0
> (my vb6+sql-dmo little try to provide MS MSDE 1.0 and MSDE 2000 a visual
> interface)
> -- remove DMO to reply
>
|||VPN is one of the prefered ways to do this, because you dont need to open
any ports in your firewall and can grant full access to your network
(depends on how you setup the VPN). Its the securest thing with the most
variety (for me), because there are many features you can implement, like
smartcard authentication etc.
HTH, Jens Suessmeyer.
http://www.sqlserver2005.de
"mikeb" <mike@.nohostanywhere.com> schrieb im Newsbeitrag
news:Oc39DfsZFHA.3340@.TK2MSFTNGP10.phx.gbl...
> My way? ack. No, really, I'm ignorant to this - I was just throwing out
> my initial ideas.
> So VPN is the best way to go then? Now I need to go find out some more
> info on VPN.
> Always open to further suggestion. or things to watch for.
> I am curious, what are some of the fallbacks to using VPN for
> SQLserver(msde) access? will the factory lose any other features of their
> network use? I'll go check out a server or vpn group now too.
> Thanks,
> -m
> "Andrea Montanari" <andrea.sqlDMO@.virgilio.it> wrote in message
> news:3g64bsFabhp0U1@.individual.net...
>
|||Personally I would NEVER expose to the Internet, a SQL Server/MSDE that I
wanted to keep secure. Don't do it, simple as that. There are better ways
to do this kind of thing - Remote Desktop over a VPN is one of them.
However, I recognise that people like breaking the rules so here's how you
do it:
1. Set your SQL Server/MSDE to use Mixed Mode Authentication (see
http://support.microsoft.com/default...;EN-US;Q325022 for details)
2. Open port 1433 on your firewall and tell your router's NAT to forward all
requests on port 1433 from the Internet to your SQL Server.
3. Sit around for a few hours while somebody brute force attacks your server
and destroys all your valuable corporate data
4. Er...that's it
I really cannot emphasis how dumb this is - IMHO the only reason that
Microsoft stuff gets hacked so often is not that it is fundamentally
insecure, it is that people do insecure things with it. Any of the recent
Microsoft Server products properly configured are as tough as the
competition.
The most secure way to expose data over the Intenet is through XML Web
Services. The great thing is that you can use the same technique to
securely manage your data internally too - definitely worth looking into.
hth
~Ben
"mikeb" <mike@.nohostanywhere.com> wrote in message
news:Oc39DfsZFHA.3340@.TK2MSFTNGP10.phx.gbl...
> My way? ack. No, really, I'm ignorant to this - I was just throwing out
> my initial ideas.
> So VPN is the best way to go then? Now I need to go find out some more
> info on VPN.
> Always open to further suggestion. or things to watch for.
> I am curious, what are some of the fallbacks to using VPN for
> SQLserver(msde) access? will the factory lose any other features of their
> network use? I'll go check out a server or vpn group now too.
> Thanks,
> -m
>
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment