
Internet - Intranet Data Dilemma

Author
9 Feb 2006 4:07 PM
asdf
Hi,

Currently, I have one database for Intranet clients on the server behind the
firewall. But I was asked to allow the extranet users to access the same
data. From the security perspective what is the best way to make that data
accessible.

Should we have two databases, one for Intranet and one for Extranet? In that
case the second one would be a replica but that would cost us money for the
extra MS SQL license. Maybe it is OK to have only one physical database.
Maybe MySQL is a good idea to use as a replica that would be refreshed
nightly. Or XML data would be OK to serve only extranet.

What would be the best idea to do?

We are an all-MS shop.

Thanks in advance for any help,
Tom

Author
9 Feb 2006 4:29 PM
Miha Markic [MVP C#]
Shouldn't you create a business tier and expose it through webservices, for
example?
Why do they need to access your db?

--
Miha Markic [MVP C#]
RightHand .NET consulting & development www.rthand.com
Blog: http://cs.rthand.com/blogs/blog_with_righthand/

Author
9 Feb 2006 4:31 PM
Cor Ligthert [MVP]
ASDF,

My first thought: "webservice".

And then expose only those methods that give the information that you want
to give. AFAIK, in all other situations the user is able to see, in one way or
another, the IP address of your server and can start digging.

Just my thought,

Cor

Author
9 Feb 2006 4:45 PM
asdf
Can the webservices be used between the old ASP files?



Author
9 Feb 2006 5:55 PM
Cor Ligthert [MVP]
Doh,

I was thinking of Windows Forms applications in an intranet (LAN).

If you create just separate pages (which you extract from your current ones)
which cannot affect the data for your extranet, and set those up as a separate
web on a separate webserver, then you are in fact doing the same as my
thought about webservice. Normally with ASP the users never see your
database server.

Just my idea.

Cor

Author
9 Feb 2006 7:22 PM
W.G. Ryan - MVP
ASDF:

I have a similar situation and for one client, we specifically poked a hole
in the firewall to allow access but that's only b/c for that client, we
pretty much had to go that route (the consultants they hired to design the
solution deemed it so and we were just building it for them). The better
solution is to use WebServices and Remoting. Sit a web service outside of
your firewall in a DMZ. Then use .NET Remoting to call the business layer
from the web service. Have the business layer hosted on an application
server that can only be accessed from the web server. Then have the App
Server call the db directly or call another server inside the firewall which
talks to the db. Essentially what you're doing is ensuring that your web
server can't talk to anything but the app server and the app server can't
talk to anything but the db. In so doing, there's no link from the web
server to the database.

I know these are vastly different approaches but there isn't one 'security
perspective'. It depends on a lot of things, budget being one of the biggest
considerations. The latter configuration is what we've done for many state
agencies and very security imperative installs. But if you have the cash,
you can certainly get a lot more complex than this. Check out Eric's blog
at http://marvets.com/blog/default.aspx and you may want to run this by him.
He's a Security MVP and usually very willing to help people out - not to
mention he's one of the most knowledgeable people I know when it comes to
security, particularly with respect to databases.

HTH,

Bill
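
The tiering described in the post above (web service in the DMZ, app server reachable only from it, database reachable only from the app server) can be checked mechanically against a firewall allow-list. This is an added example, not code from the thread; the zone names, ports and both rule sets are constructed assumptions, and it models only the extranet path.

```python
from collections import deque

# Permitted zone-to-zone hops in the layout described above (zone names are
# assumptions made for this example).
ALLOWED_HOPS = {
    ("extranet", "dmz_web"),  # outside users reach only the web service
    ("dmz_web", "app"),       # web service calls the business layer
    ("app", "db"),            # only the app server talks to the database
}

def violations(rules):
    """Return the allow rules that skip a tier or run against the layout.

    Each rule is a (source_zone, dest_zone, tcp_port) tuple.
    """
    return [r for r in rules if (r[0], r[1]) not in ALLOWED_HOPS]

def hops(rules, src, dst):
    """Fewest allowed hops from src to dst, or None if unreachable."""
    graph = {}
    for s, d, _port in rules:
        graph.setdefault(s, set()).add(d)
    seen, queue = {src}, deque([(src, 0)])
    while queue:
        zone, dist = queue.popleft()
        if zone == dst:
            return dist
        for nxt in graph.get(zone, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, dist + 1))
    return None

# Constructed rule sets; ports are illustrative (1433 is SQL Server's default).
TIERED = [
    ("extranet", "dmz_web", 443),
    ("dmz_web", "app", 8085),
    ("app", "db", 1433),
]
# The "poked a hole in the firewall" variant: same rules plus a direct path.
HOLE_IN_FIREWALL = TIERED + [("extranet", "db", 1433)]

if __name__ == "__main__":
    for name, rules in (("tiered", TIERED), ("hole", HOLE_IN_FIREWALL)):
        print(name, "violations:", violations(rules),
              "hops extranet->db:", hops(rules, "extranet", "db"))
```

In the tiered rule set the database is three hops from the extranet and nothing is flagged; the extra rule in the second set is flagged and puts the database one hop away.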