Secure access between IIS and SQL Server.

views:

answers:

Secure access between IIS and SQL Server.

The environment setup has an ASP.NET webservice on IIS 6 connecting to a SQL Server over the network.

I am trying to understand, whether it's possible to secure the calls between IIS and SQL Server 2008. Is it possible? Is it something on the lines of SSL?

thanks for reading!

+1 A:

Assuming your SQL box is on the same network as your iis box hosting the service, and both are tucked away behind a firewall, there's no need for that extra security

Pierreten 2009-12-11 02:37:44

A firewall only mitigates certain threats; many others are still exposed, such as things like snooping on the wire from within the data center.

RickNZ 2009-12-11 11:03:06

+3 A:

If you still want to after Pierreten's answer...

Yes, you can enable SSL Encryption for all SQL Server connections.

SQL Server SSL Encryption, server side, is described here. And in KB 316898 too

"Server side" requires only a server certificate and all connections are encrypted
"client side" requires client certs and is optional, and only for that client

Certain client libraries (notably MS JDBC) do not support server side s you may invalidate your host's monitoring (This has happened to me a time or 2)

a blog entry too

gbn 2009-12-11 05:58:17

+1 A:

If both machines are in the same domain, an efficient and easy to manage way to secure the link is by using IPsec.

RickNZ 2009-12-11 11:01:25

@RickNZ: Are there any limitations in using IPSec against SSL? Thank you very much!

pencilslate 2009-12-12 04:39:31

Tn order for IPSec to work, the machines need to be in the same domain. That's not required for SSL. Also, I believe SSL is slower than IPSec.

RickNZ 2009-12-13 02:07:11

ansaurus

tags:

views:

answers:

Secure access between IIS and SQL Server.

related questions