February 5, 2003 at 4:00 pm
I asked this in the programming section but didn't get any responses, could be the wrong section.
I understand that to use merge replication on a handheld PC with SQL CE, I have to configure the IIS and SQL Server automatically sets up an anonymous subscription.
My question is does this pose a threat to database security, or can anybody clever enough to find out the IIS configuration change or copy my SQL data?
Thanks in advance
Bruce
February 6, 2003 at 9:00 am
Bruce,
I know that it is a requirement that you allow anonymous subscriptions to the SQL Server merge publication, but you still have an access list associated with the publication, so it is not as if just anyone can subscribe unless they have been given rights via their SQL Server login or NT group.
I suspect you may also be concerned with the default behavior of the IIS setup, which gives anonymous access to the SSCE??.dll which is used as the glue between the servers. This can be changed to use either basic or NT authentication (although I've never played with NT authentication on a CE device, I'm sure it is possible). Actually you will probably run into security issues if you try and use an anonymous login to IIS, since typically the anonymous user account that IIS uses would not be able to access the snapshot folder on the publisher.
I may have totally misread your questions, but I hope this provides some useful information.
Brian