SQL on the Internet

  • Hi

    We have done several substantial projects with SQL server 2000 and are now working out an Internet project - to be hosted by an ISP. Need to ramp up knowledge on effective/safe/efficient ways of using SQL. For example, can we replicate between SQL on a web site and SQL on one of our servers (for backup and data security). Can we/should be use encryption for the whole database, etc, etc.

    Any suggestions of where I can turn to find this sort of information would be much appreciated. Good books, MSDN, web sites?

    Thanks

    David

  • NGSSoftware have a couple of good papers on sql injection which are worth a read, espically if you are putting a database on the web.

    http://www.nextgenss.com/papers.html

    Steven

  • Thanks for the posts, Jonathan and Steven.

    I'll check out the references though I'm OK with SQL injection and much of the security stuff. Its the architectural possibilities that I want to explore more fully.

    Any other ideas?

  • I have done a similar type project where the web server is hosted at the ISP. But the client (and frankly, myself) did not want to put the database on the web server outside of the company. So we created COM+ components (in VB) on an internal server that ASP pages on the ISP server would call, and only the COM components would access the SQL Server.

    Result is database is totally inside and secure. COM server was protected using IP filtering to only allow connection from ISP server, and only using RPC port. Performance is still good because virtually all business logic was in the COM components, the only data outgoing "on the wire" was data to be displayed.

    Just another option that may fit your situation.

    Edited by - mharr on 10/03/2003 06:16:57 AM



    Mark

Viewing 5 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic. Login to reply