On Wed, Jun 9, 2010 at 8:45 AM, MB Software Solutions, LLC <[email protected]> wrote: > Alan Bourke wrote: >> >> On Wed, 09 Jun 2010 09:35 -0300, "Rafael Copquin" >> <[email protected]> wrote: >>> As always, very informative and to the point. Thank you. >> >>> The idea is that the branch can access the SQL database on line in real >>> time, to retrieve or update information in the database. >>> >> >> Major security and speed alarm bells are ringing for me here. It's >> probably generally accepted that exposing an SQL Server to the internet >> directly is a bad idea. At the very least make users establish a VPN >> connection first. A better way would be to use a web service and have >> the client application go through that. > > > As long as they get a secure certificate on the site, I thought that > remedies this? Of course, you need to make sure of login credentials. -----------------
Not even close to a remedy. All that does is attempt to hide the data passed, not stopping access to the port. As Ted stated never expose a DATA Server to the DMZ, this being SQL is not diff then say MySQL, Oracle, .... VPN between client site off campus and corporate campus network is necessary. -- Stephen Russell Sr. Production Systems Programmer CIMSgts 901.246-0159 cell _______________________________________________ Post Messages to: [email protected] Subscription Maintenance: http://leafe.com/mailman/listinfo/profox OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech Searchable Archive: http://leafe.com/archives/search/profox This message: http://leafe.com/archives/byMID/profox/[email protected] ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
