December 12, 2002 at 2:32 pm
We have a SQL server that acts as a backend to a public web server (we openend a port in the firewall). I know nothing about this technology but does "SSL" have anything to offer us in this situation? Should we consider encrypting the data sent to the Sql backend? Or should we case-harden the sql server itself? (Don't know where to draw the line or where to start.) Know of any readable Sql\SSL references?
TIA,
Bill
December 12, 2002 at 5:06 pm
Not sure it matters here. Is this a switched connection? If so, the you'd have to hack the network switch.
Plus, the web server is exposed. If someone hacks that, SSL won't help becuase they can use that server to log into SQL and read data.
Be sure the SQL Server isn't accessable from the web and then I don't think SSL buys you anything. Except a certificate 🙂
Steve Jones
December 13, 2002 at 6:48 am
Just to piggyback on Steve... SSL protects the data stream as it goes across the wire. That means if you're worried about someone sniffing the traffic between the web server and the SQL Server, SSL will help.
Otherwise, everything else is the same. Authentication, etc. So as Steve indicates, SSL doesn't buy you anything with respect to keeping SQL Server secure if the web server is compromised.
There's an article in the most recent SQL Server magazine covering SSL in an environment where there is an enterprise certificate authority (CA), but unless you have one of those it doesn't go into the other options.
K. Brian Kelley
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server Performance Monitoring
http://www.netimpress.com/shop/product.asp?ProductID=NI-SQL1
K. Brian Kelley
@kbriankelley
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply