Results 1 to 2 of 2
  1. #1
    Join Date
    Dec 2002
    Posts
    12

    Unanswered: Accessing SQL Server

    Hi Group,

    I have my IIS webserver outside the fire wall and my SQL Server is behind the firewall . Can IIS Still access the SQL Server for ASP pages, is it for this situation do i need to open the port no 1433 in the firewall for SQL Server, if so is there any security threat?
    Thank You for your Time
    Krishna

  2. #2
    Join Date
    Dec 2002
    Posts
    1,245

    Re: Accessing SQL Server

    <sarcasm mode="on">
    Security threat? This is Microsoft, you don't need to worry about security!
    <sarcasm mode="off">

    Sorry about that.

    Yes, if you have a firewall and your IIS server is outside the firewall, then you will need to open up port 1433 to allow traffic from your web server back to your SQL server. You should be able to do this in such a way that the 1433 traffic MUST originate from the IP address of the web server.

    Regards,

    Hugh Scott

    Notes:
    1. Sorry again for the sarcasm, I couldn't overlook the opportunity.
    2. You should be VERY cautious with your ASP pages. It would be far more secure to avoid any ADO references in the ASP pages. Instead, consider creating DLLs that embed the ADO and expose properties and methods that you can access from ASP.
    3. Be sure to avoid putting connection information in your ASP. At a minimum, try putting the connection info in the global.asa file or in include files that are in a directory with tighter security.
    4. Finally, be sure than you "cleanse" user input of any characters that might be used in a SQL injection attack ("%" "," "'" ";"). there are other characters, but these are the bigger ones.

    Originally posted by mellamarthy
    Hi Group,

    I have my IIS webserver outside the fire wall and my SQL Server is behind the firewall . Can IIS Still access the SQL Server for ASP pages, is it for this situation do i need to open the port no 1433 in the firewall for SQL Server, if so is there any security threat?
    Thank You for your Time
    Krishna
    Last edited by hmscott; 02-04-03 at 14:57.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •