Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
GavinHope
Starting Member
2 Posts |
 Posted - 2008-05-14 : 06:51:06
|
| Hi,I'm currently writing a desktop application that communicates directly with a SQL server database on the local network. Ideally we'd like to connect directly to the database via the Internet.- connecting via the Internet is important because we want easy access from anywhere.- directly is important because fast data transfer is a requirement.Not knowing much about the security implications of such a connection, I thought I'd ask here. So what are the major risks and objections? Can the connection and data be made secure?Cheers, Gavin |
|
|
mcrowley
Aged Yak Warrior
771 Posts |
Posted - 2008-05-14 : 10:43:29
|
| Considering that you are connecting over the internet, we can probably assume that connecting with Windows Authentication is out. This leaves you with SQL Server Authentication, which will be vulnerable to dictionary attacks. I am not sure if you can force SQL Server to accept only encrypted credentials. I suspect it is possible to encrypt credentials, but I am not sure it is possible for SQL Server to disregard any non-encrypted tries. |
 |
|
|
GavinHope
Starting Member
2 Posts |
Posted - 2008-05-15 : 04:47:08
|
| Yeah, that's what I was thinking at first, but after some discussion it's probably reasonable for our customers to connect using a vpn... in which case a lot of the difficulties go away.After a little bit of looking along-side this, I also read a few things about SSH Tunneling - which seems to be an option with regards to securing the connection to the server... |
|
|
|
|
|
|
Connecting directly to SQL Server oer the Internet