SSRS Security

views:

168

answers:

Scenarion: I am having a web application which is going to use SqlServerReport(SSRS) sitting on ReportingServer which is on my DatabaseServer.

There is a firewall between webapplication & SqlserverReport server.

Now how safe is it to use reports directly from webserver (ie accessing something there on database server.) We use a appserver to interact with the database data. All basic calls are

UI ==> AppServer ==> DatabaseServer (general cases) :) happy
UI ==> DatabaseServerReports (to access Sqlserver reports) :(

So my concern is how safe is to access reports directly from Databaseservers.

Why not use your app to display the reports? With ASP.NET you can use a report viewer control to display the report so the user has no idea where the report is coming from except that it is within the application.

Eppz 2009-01-23 18:52:07

How safe depends on where the user is located. SQL Server Reporting Services was not intended to be opened up to the Internet, for instance. Neither was the SQL Server database engine, for that matter. You said there's a firewall between the web server and the SQL Server, but that's not an unusual configuration in internal networks nowadays.

The concern that might come up is one from the performance side, more than any other. By viewing the reports using SSRS, the report rendering will occur on the same server as your database engine. If the hardware isn't enough for both roles, you'll see performance issues.

K. Brian Kelley 2009-01-23 19:00:19

Our security folks made us install IIS on a separate partition.

Sam 2009-01-23 21:07:26

ansaurus

tags:

views:

answers:

SSRS Security

related questions