RS Over the internet - security

  • Hi there,

    We are looking at making RS over the web for a client.

    Is it safe to put RS on the web? Is it possible to provide adequate security for complete peace of mind - SSL etc.? Or does another security layer have to be placed over it?

    Advice, thoughts, and some pointers would be greatly appreciated!!

    Many thanks

    Chris

  • "Although SQL Server Reporting Services is not expressly designed for Internet report deployment scenarios, you can successfully place Reporting Services on an Internet-facing Web server ................."

    Look here for complete article:

    http://msdn2.microsoft.com/en-us/library/ms159272(SQL.90).aspx

    Hope this helps.

  • RS also supports SSL. It is part of the installation process. Obviously SSL must be installed on the web server.

  • Thanks guys.

    Regarding SSL - would this be good enough for security? If I implemented SSL, set up Windows users on the server, and used Windows security in IIS, would this be good enough for the web?

    Regards

    Chris

  • Well, SSL is the standard for secure websites nowadays.

    We have also used SSL for one of our applications (not SSRS), and are very satisfied. But as you might know, SSL doesn't prevent the message from being intercepted, but it will be useless to the interceptor.

    I think you will be fine.

    One thing you might need to consider is using 128-bit encryption rather than 40-bit; the longer the key, the more difficult it is to break. But if your application is open to anyone, even outside the US, you probably need to stick with 40-bit encryption; if not, go for 128-bit.

    That is just my personal opinion. As I mentioned, we have not done this particularly for SSRS, but web is web, and to secure it SSL is the path to follow. If you decide to go for it, just keep that URLROOT setting mentioned in the URL I mentioned in my previous reply.

    Good luck!

  • Thanks Syed,

    Would I use Windows integrated authority? We are looking at putting our server in a data centre, and having it dedicated for this. The idea is to have SQL and RS all on the same box.

    Many thanks

    Chris

  • Well, it depends on what your setup is, because Integrated Windows authentication only works with IE, not with Netscape and other browsers. It worked for me because we were in an intranet environment, and using IE only.

    SQL and RS all on the same box works for me, no problem.

  • Thanks Syed - point taken re: only working with IE. This aside, is Windows integrated security secure enough for us to be confident about our client's data?

    Should we also implement SSL with Windows integrated security?

    If we used the above, would we still be exposed to any security risks?

    Also, we would have to set up each client as a user on the server. How would we then prevent them having access to the file system, and only having browser access to IE? Have done this before on the built-in firewall on our routers, but not sure what the deal would be in this regard in our data centre.

    Thanks once again for all your help!!!

    Chris
