Remotely accessing SQL Server database

  • shashank.ash

    I am running SQL Server 2008 Express. I wish to access the database hosted on this remotely. Please tell me how I can do so in a secure manner. Please also mention the changes I will need to make in my firewall configuration.

  • ZippyV

    Use Remote Desktop to access your server. Don't expose SQL Server directly to the internet because you will get attacks on it.

    Also, make sure the "sa" account in SQL Server is locked and disabled.

  • W3bbo

    shashank.ash wrote:

    I am running SQL Server 2008 Express. I wish to access the database hosted on this remotely. Please tell me how I can do so in a secure manner. Please also mention the changes I will need to make in my firewall configuration.

    A few questions and common responses:

    Do you want to remotely administer the database? Or do you want a program on another computer to be able to access the data?

    If it's just administration then ZippyV's method is one way: simply install SSMS on the computer and access it over Remote Desktop. However, exposing SQL Server to the Internet is not the massive security risk it used to be, so I don't have any personal opinions against it, but I do advocate using a non-default port setting (use the SQL Server Configuration utility for this).

    How 'secure' do you want it to be? Don't confuse Authentication security with connection security.

    If it's in a LAN situation on a domain then use Integrated Security (aka SSPI); that way you don't need to store usernames or passwords, as it will use a token obtained from your NTLM/Kerberos server. If it's over the Internet, or the client isn't a member of the same AD domain as the server, then you need to use SQL Server Authentication, which involves putting the UN/PW in the connection string.

    SQL Server supports using SSL/TLS-secured connections, but configuring them isn't that simple. Read this article for further details. You will need to procure a certificate; GoDaddy does them for $40/year. You can use a self-signed certificate, which will protect against casual eavesdropping but will not protect against MITM attacks.

    As for your firewall, just allow the port that SQL Server is using. As I said above, use a non-default port (preferably something above 1024 and don't use 1433).

  • blowdart

    Also note SQL Express doesn't enable TCP/IP connections by default - you will need to enable it. And make sure the firewall permissions are open too.
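
A way to check the points raised in this thread from the server side, as an added example that is not part of any post above: these read-only T-SQL queries, run in SSMS as an administrator (VIEW SERVER STATE is needed for the connection views), show whether the "sa" login is disabled and, for each current connection, its transport, encryption state, authentication scheme and port. They use only catalog views and DMVs that exist in SQL Server 2008; nothing here changes any setting.

```sql
-- Added example: read-only checks, safe to run on a live instance.

-- 1. State of the built-in "sa" login.
--    It always has SID 0x01, so this finds it even if it has been renamed.
SELECT name,
       is_disabled,          -- 1 = login is disabled
       is_policy_checked     -- 1 = Windows password policy (incl. lockout) applies
FROM sys.sql_logins
WHERE sid = 0x01;

-- 2. Every current connection: how it arrived, whether the channel is
--    protected by SSL/TLS, and how the login was authenticated.
SELECT c.session_id,
       s.login_name,
       c.net_transport,      -- 'TCP' for remote clients, 'Shared memory' for local ones
       c.encrypt_option,     -- 'TRUE' when the connection is encrypted
       c.auth_scheme,        -- 'SQL' (SQL Server Authentication), 'NTLM' or 'KERBEROS'
       c.client_net_address,
       c.local_tcp_port      -- the port the instance is listening on for this client
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions    AS s ON s.session_id = c.session_id
ORDER BY c.encrypt_option, c.client_net_address;

-- 3. The combination worth following up on: a TCP client that logged in with
--    SQL Server Authentication over a channel that is not SSL/TLS-protected.
SELECT c.session_id,
       s.login_name,
       c.client_net_address,
       c.local_tcp_port
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions    AS s ON s.session_id = c.session_id
WHERE c.net_transport  = 'TCP'
  AND c.auth_scheme    = 'SQL'
  AND c.encrypt_option = 'FALSE';
```

Query 2 also makes the distinction between authentication security and connection security visible: `auth_scheme` reports the former, `encrypt_option` the latter.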
