Databases in the DMZ

  • Hi all -

    I've heard that putting databases in the DMZ isn't a good idea. I've tried to google the topic and haven't really found a definitive reason as to why this is a bad idea. Some say that having customer data out there is a bad idea - probably true, huh? Any further explanation would be greatly appreciated, as I'm still a junior trying to learn all I can.

    Thanks in advance!

  • It depends on what the data is. You shouldn't put any databases out there that contain confidential data. I work for a government agency and we have a database server in the DMZ to serve web servers that run applications used by the public. The only data we put on the database server is that which is legally disclosable: nothing confidential. A firewall blocks access to our internal subnet.

    Greg

  • Oh ok. That makes sense. Thanks!

  • It is possible to put a database in the dmz, as long as the data is disclosable (application centric), and then firewall it off. Typically, customer data should not be in the DMZ and thus the databases should not reside in the DMZ in order to protect the customer and the company. Through the use of firewalls, routers and a good network team - the customer would still be able to get to their data while not having the data completely exposed to anybody else.

    Jason...AKA CirqueDeSQLeil
    _______________________________________________
    I have given a name to my pain...MCM SQL Server, MVP
    SQL RNNR
    Posting Performance Based Questions - Gail Shaw
    Learn Extended Events

  • Typically, would something like email addresses/phone numbers be ok to store in a database in the DMZ???

  • DBAgal (11/18/2009)


    Typically, would something like email addresses/phone numbers be ok to store in a database in the DMZ???

    Would there be a downside to that data getting published to the world? Would there be any downside to someone being able to insert/modify that data?

    That's my definition of what could end up in a DMZ database. Not only does it need to be non-confidential, it needs to be innocuous data, and one not likely to get you sued if it should happen to get published/stolen.

    Unless those names and e-mails are otherwise available to the public, I wouldn't keep them in the DMZ. Even then - I'd have to think about what could happen if someone "added themselves" to that list.

    ----------------------------------------------------------------------------------
    Your lack of planning does not constitute an emergency on my part...unless you're my manager...or a director and above...or a really loud-spoken end-user..All right - what was my emergency again?
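
The two questions in the post above (what happens if the data is published, and what happens if someone can insert or modify it) can be turned into a first-pass inventory of a database before it is placed in the DMZ. This is an added example, not part of the original thread; it assumes a SQL Server database, and the column-name patterns are assumptions to adapt to your own schema.

```sql
-- Added example (not from the thread). Run inside the database proposed for the DMZ.

-- 1. Disclosure: list columns whose names suggest personal data.
--    The LIKE patterns are assumptions; a name match is a prompt for review,
--    not proof, and a column with a neutral name can still hold personal data.
SELECT s.name  AS schema_name,
       t.name  AS table_name,
       c.name  AS column_name,
       ty.name AS data_type
FROM sys.columns AS c
JOIN sys.tables  AS t  ON t.object_id     = c.object_id
JOIN sys.schemas AS s  ON s.schema_id     = t.schema_id
JOIN sys.types   AS ty ON ty.user_type_id = c.user_type_id
WHERE c.name LIKE '%mail%'
   OR c.name LIKE '%phone%'
   OR c.name LIKE '%name%'
   OR c.name LIKE '%resume%'
ORDER BY s.name, t.name, c.column_id;

-- 2. Tampering: list principals explicitly granted write-type permissions.
SELECT pr.name      AS principal_name,
       pr.type_desc AS principal_type,
       pe.state_desc,
       pe.permission_name,
       CASE pe.class
            WHEN 1 THEN OBJECT_SCHEMA_NAME(pe.major_id) + '.' + OBJECT_NAME(pe.major_id)
            WHEN 3 THEN SCHEMA_NAME(pe.major_id)
            ELSE pe.class_desc            -- e.g. DATABASE-level grants
       END          AS securable
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pe.permission_name IN ('INSERT', 'UPDATE', 'DELETE', 'ALTER', 'CONTROL')
  AND pe.state IN ('G', 'W')              -- GRANT and GRANT WITH GRANT OPTION
ORDER BY pr.name, securable, pe.permission_name;

-- 3. Tampering via role membership: fixed roles that imply write access.
SELECT r.name AS role_name,
       m.name AS member_name
FROM sys.database_role_members AS drm
JOIN sys.database_principals   AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals   AS m ON m.principal_id = drm.member_principal_id
WHERE r.name IN ('db_owner', 'db_datawriter', 'db_ddladmin')
ORDER BY r.name, m.name;
```

Any row from the first query is a column to justify or move to an internal database; rows from the second and third queries show which accounts, including the web application's login, could alter the data if compromised.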

  • Matt Miller (#4) (11/18/2009)


    Would there be a downside to that data getting published to the world? Would there be any downside to someone being able to insert/modify that data?

    That's my definition of what could end up in a DMZ database. Not only does it need to be non-confidential, it needs to be innocuous data, and one not likely to get you sued if it should happen to get published/stolen.

    Unless those names and e-mails are otherwise available to the public, I wouldn't keep them in the DMZ. Even then - I'd have to think about what could happen if someone "added themselves" to that list.

    Yeah, that's what I thought.... One of the tables in the database that is going on the DMZ is for people who submit their resumes to our company. Email addresses and names are stored in that table. Too bad no one listened to me when I said that the database should not go on the DMZ...

  • DBAgal (11/18/2009)


    Yeah, that's what I thought.... One of the tables in the database that is going on the DMZ is for people who submit their resumes to our company. Email addresses and names are stored in that table. Too bad no one listened to me when I said that the database should not go on the DMZ...

    I agree with Matt, and your assessment.

    Next time carry a bigger stick to the meeting, maybe they will listen :hehe:

    Jason...AKA CirqueDeSQLeil
