Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
AskSQLTeam
Ask SQLTeam Question
0 Posts |
 Posted - 2003-01-06 : 09:47:21
|
| Tina writes "I am wondering how databases are typically stored in businesses: Is there a separate internal (for internal matters) database (separate from the external one that is accessed via the Web by business customers, etc)? I am concerned about this in terms of security issues. How/where should each of these databases be stored in order to ensure the most security? I am using MSDE to create the database." |
|
|
ValterBorges
Master Smack Fu Yak Hacker
1429 Posts |
Posted - 2003-01-06 : 15:58:52
|
| Normally a database that is accessed by web users via a web server will sit outside the firewall and your internal business data will sit on a server inside the firewall. Depending on how much security you want you can either allow communications only through certain ports or you can physically require that data be moved physically using tape or similar device.For more security information. www.sqlsecurity.com |
 |
|
|
AjarnMark
SQL Slashing Gunting Master
3246 Posts |
Posted - 2003-01-10 : 03:41:05
|
| If you have the resources, I would put the database INSIDE the firewall, and create an IP-specific conduit through the firewall such that only the web server can access the machine the database is on. I would not want my database to be exposed, sitting outside the firewall where anyone could start hacking away at it.Whether internal databases are stored on the same server as externally available databases is another debate. It depends on whether they need to talk to each other, and the different hassles that come along with talking to databases on different servers. Also, you may find, as we did, that some databases are for BOTH internal and external use...------------------------------------------------------The more you know, the more you know you don't know. |
|
|
|
|
|
|
Database storage conventions