One point of having a DMZ network is to isolate systems that accept untrusted connections from those that do not. A front-end web server accepts untrusted connections, but the SQL DB server does not; at least not directly. So if you have some other way to isolate the communication between those boxes so that one only talks to the other via something like a SQL port, then I guess feel free.
Otherwise, the easiest best practice is to just say SQL DBs in the DMZ is a bad idea. If your web server gets popped, maybe even marginally, it could open up easy attacks into your SQL box.

Of course, this is a whole new discussion if:

- you're a small shop and/or might consider internal users as untrusted, but can't afford so many separate networks
- you consider SQL owned if your front end web server is owned, which is a certain non-layered way to look at it

On Tue, May 17, 2011 at 3:08 PM, Juan Cortes <[email protected]> wrote:

> Hope all is well,
>
> Can anyone point or recommend some resources for best practices for SQL
> DBs in the DMZ
>
> thanks
>
> --
> Juan C.
>
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
