SQL Server Protection for the Web

Hope this question is not too broad. I am still doing research, but I was hoping to get opinions from some experts. We are a software provider, and our flagship software is accessible through a portal - our SQL servers (active-active-passive cluster) are safely located behind our firewalls and are only accessible through our application. We have a very large client who wants to branch out and wants to get direct read-only access to their database. This is something we have not done before, and it makes us nervous. I look forward to some recommendations on securing a SQL server for the Internet.

I must say that our cluster contains hundreds of client databases, only one of which will be available through this Internet connection. If necessary, we can add additional hardware or software levels. This is SQL 2005.

Thanks to everyone.

+4
2 answers

Basically, you need to establish a VPN between your site and them. This way you can connect them to the local network.

The VPN you use should allow you to grant access only to the database server itself.

After that, make sure that you configure a specific database user who has rights to the actual database that they need.

+2

VPN , IP- , IP- ip. , SQL. SQL "" . "db_denydatawriter" "db_datareader", , , , , . . " ". "" " ". , SQL. , , SQL, , .. . sprocs, , .


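-- Create the SQL login. N'test' is a sample value: set a strong, unique password,
-- and consider CHECK_POLICY=ON so the Windows password policy applies to this login.
USE [master]
GO
CREATE LOGIN [remoteuser] WITH PASSWORD=N'test', DEFAULT_DATABASE=[CLIENTDB], CHECK_EXPIRATION=OFF, CHECK_POLICY=OFF
GO
-- Map the login to a user in the one database it may reach.
USE [CLIENTDB]
GO
CREATE USER [remoteuser] FOR LOGIN [remoteuser]
GO
-- Allow SELECT on all user tables and views.
EXEC sp_addrolemember N'db_datareader', N'remoteuser'
GO
-- Explicitly deny INSERT, UPDATE and DELETE.
EXEC sp_addrolemember N'db_denydatawriter', N'remoteuser'
GO
-- Stop the login from listing the other databases on the instance.
USE [master]
GO
DENY VIEW ANY DATABASE TO [remoteuser]
GO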
+2
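
To confirm that the login ends up with only the access intended, a sysadmin can audit it against the catalog views available in SQL Server 2005. This is an added example, not part of the original answer; it assumes the [remoteuser] login and [CLIENTDB] database names used in the script above.

```sql
-- Added example: audit of the read-only login. Run as a sysadmin.
USE [master];
GO
-- 1. Fixed server roles held by the login. Any row here is a role it should not have.
SELECT r.name AS server_role
FROM sys.server_role_members AS m
JOIN sys.server_principals AS r ON r.principal_id = m.role_principal_id
JOIN sys.server_principals AS p ON p.principal_id = m.member_principal_id
WHERE p.name = N'remoteuser';

-- 2. Explicit server-level permissions. Anything beyond CONNECT SQL and the
--    DENY VIEW ANY DATABASE from the script above is excess.
SELECT sp.permission_name, sp.state_desc
FROM sys.server_permissions AS sp
JOIN sys.server_principals AS p ON p.principal_id = sp.grantee_principal_id
WHERE p.name = N'remoteuser';

-- 3. Every online database holding a user mapped to this login's SID.
--    Any database other than CLIENTDB is unintended exposure.
DECLARE @sid varbinary(85), @sql nvarchar(max);
SELECT @sid = sid FROM sys.server_principals WHERE name = N'remoteuser';
SET @sql = N'';
SELECT @sql = @sql + N' UNION ALL SELECT ' + QUOTENAME(name, '''')
     + N' AS database_name, name COLLATE DATABASE_DEFAULT AS database_user FROM '
     + QUOTENAME(name) + N'.sys.database_principals WHERE sid = @sid'
FROM sys.databases
WHERE state = 0;                       -- 0 = ONLINE
SET @sql = STUFF(@sql, 1, 11, N'');    -- drop the leading ' UNION ALL '
EXEC sp_executesql @sql, N'@sid varbinary(85)', @sid = @sid;
GO

USE [CLIENTDB];
GO
-- 4. Database roles held by the user: db_datareader and db_denydatawriter
--    are the two the script above assigns.
SELECT r.name AS database_role
FROM sys.database_role_members AS m
JOIN sys.database_principals AS r ON r.principal_id = m.role_principal_id
JOIN sys.database_principals AS u ON u.principal_id = m.member_principal_id
WHERE u.name = N'remoteuser';

-- 5. Effective database-level permissions as the user itself sees them.
--    INSERT, UPDATE or DELETE appearing here means the deny role is not in effect.
EXECUTE AS USER = N'remoteuser';
SELECT permission_name FROM fn_my_permissions(NULL, 'DATABASE');
REVERT;
GO
```

Step 3 only finds databases with a user mapped to the login. A database where the guest user is enabled is reachable without such a mapping, so check guest separately across the other client databases.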

Source: https://habr.com/ru/post/1541176/

