Home All Groups Group Topic Archive Search About

Internet - Intranet Data Dilema

microsoft.public.dotnet.framework
Author
9 Feb 2006 4:06 PM
asdf
Hi,

Currently, I have one database for Intranet clients on the server behind the
firewall. But I was asked to allow the extranet users to access the same
data. From the security perspective what is the best way to make that data
accessible.

Should we have two databases one for Intranet and one for Extranet? In that
case the second one would be a replica but that would cost us money for the
extra MS SQL license. Maybe it is OK to have only one physical database.
Maybe MySQL is a good idea to use as a replica that would be refreshed
nightly. Or XML data would be OK to server only extranet.

What would be the best idea to do.

We are all MS shop.

Thanks in advance for any help,
Tom

Author
9 Feb 2006 5:59 PM
Morgan
One suggestion is to set up a rule on the firewall that only allows
connections from the public IIS machine(s) to the DB server, that way you're
not exposing your SQL Server to the public, only to specific machine(s) in
your DMZ.



Show quote
"asdf" <a***@asdf.com> wrote in message
news:sLJGf.4556$J%6.282236@news20.bellglobal.com...
> Hi,
>
> Currently, I have one database for Intranet clients on the server behind
> the firewall. But I was asked to allow the extranet users to access the
> same data. From the security perspective what is the best way to make that
> data accessible.
>
> Should we have two databases one for Intranet and one for Extranet? In
> that case the second one would be a replica but that would cost us money
> for the extra MS SQL license. Maybe it is OK to have only one physical
> database. Maybe MySQL is a good idea to use as a replica that would be
> refreshed nightly. Or XML data would be OK to server only extranet.
>
> What would be the best idea to do.
>
> We are all MS shop.
>
> Thanks in advance for any help,
> Tom
>
>
>
Author
9 Feb 2006 6:06 PM
Vadym Stetsyak
Hello, asdf!

How are internet and intranet user authenticated?

If you don't want to buy another license, you can establish security constaints for database accounts that are used to access data. These are general security issues ( account can only modify/read appropriate data ).

If security policy for each user type is applied correctly - then there is no difference where db server is situated.
By correctness I mean that there are different user types in the application, every user type has separate account in database with appropriate permissions for that account.

Also if you will encrypt sensitive data - security will benefit
--
Regards, Vadym Stetsyak
www: http://vadmyst.blogspot.com

AddThis Social Bookmark Button

Post Other interesting topics
FileSystemWatcher advice required please
Web Service / Authenticating Proxy .NET and COM interop
OOP Question - Implementation, I think
double discrepancy between PDA and PC
ExecuteNonQuery() Error - Attempted to read or write protected memory