Results 1 to 2 of 2
  1. #1
    Join Date
    Apr 2003

    Unanswered: Setting Up SQL Server

    What is the best way to set up a sql server db that will be accessed via web(asp/ado) and windows (vb/ado) environemnts. I am concerned with security and authentication.


  2. #2
    Join Date
    Apr 2004
    Kansas City, MO
    The web access won't be going through an application layer? Is there any kind of a firewall between the web/app servers and the database servers? If not, then you have a serious security problem with no way to fix it.

    1. Change your default SQL Server port to not use 1433.
    2. Insure the firewalls only allow traffic on the port necessary. Close everything else.
    3. Only allow Windows authentication. Have the web apps/apps run under different user account and give them only access to the stored procedures they need access to.
    4. Monitor to make sure there are no permission changes and no logins from other servers using these logins. You can use a trace for this.

    The idea is to minimize risk, and monitor for known weaknesses.
    When life gives you a lemon, fire the DBA.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts