ASP.Net Security Question

Status
Not open for further replies.

ARCITS

Programmer
Apr 4, 2002
99
GB
We have developed an ASP.Net application which we wish to put on our IIS. This IIS is on the intranet the other side of the firewall.

The problem we are grappling with is how we allow the application to talk to our back end database via ODBC, or don't we?

Do we allow an open channel to the database? What about hackers?

Do we replicate the database and put it on IIS on the Intranet? It's a large database!!!

Can we tell IIS just to allow communication between a specific PC through the firewall?

Authentication of the users we can do, but the dilemma we have is that the application needs to talk to Oracle via ODBC, so where do we put this data?

Leave it where it is now and open a channel for ODBC to communicate or put it the other side of the firewall?

Any articles/sites about this topic and any other help greatly appreciated.


Regards,


CAB
 
That would greatly depend on your setup. Is the IIS server within your control (i.e., not hosted)?

The best method would be to bring the IIS server behind the firewall and open only the ports needed for IIS and forward them to the specific machine. No sense in leaving a whole server outside the firewall.
 
Yes we have control of IIS.

What we are concerned about is if we allow access to IIS we allow access to the main Oracle database?

What set up do you have for example?

Do you know of any good articles on this subject as I guess there are many ways to achieve the end result?

Thanks!

 
As theoxyde said, you should have the IIS server behind the firewall and allow only requests on port 80 (the HTTP port), and between the IIS server and the database (especially if they're connected through a LAN) you don't need any protection. It would look like this:

                            Firewall (allow access only on port 80)
                                        |
------        LAN        -------        |       HTTP       --------
| DB | ........|........ | IIS | .......|................. | user |
------         |         -------        |                  --------
               |
       optional Firewall

Another option is to configure a special port to communicate from the IIS computer to the DB computer and set a firewall to allow only connections from the IIS computer to the DB on that port.
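
The two-firewall layout discussed in this thread can be checked as a small allow-list model. This is an added example, not part of any post: the host addresses, the zone numbering, the probe ports and the database port 1521 are constructed assumptions, and only new connections are modelled (not return traffic).

```python
import ipaddress
from itertools import permutations
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    src: str              # source network (CIDR)
    dst: str              # destination network (CIDR)
    port: Optional[int]   # TCP destination port, None = any

# Constructed hosts: name -> (address, zone). Zone 0 = outside, 1 = web, 2 = database.
HOSTS = {
    "user":        ("203.0.113.50", 0),
    "iis":         ("10.0.1.10", 1),
    "workstation": ("10.0.1.77", 1),
    "db":          ("10.0.2.20", 2),
}
DB_PORT = 1521  # assumed database listener port; use the port the site configured

# FIREWALLS[i] filters traffic between zone i and zone i+1; allow-list only.
FIREWALLS = [
    [Rule("0.0.0.0/0", "10.0.1.10/32", 80)],          # outer: HTTP to IIS only
    [Rule("10.0.1.10/32", "10.0.2.20/32", DB_PORT)],  # inner: IIS to DB only
]

def permits(rules, src, dst, port):
    """True if any allow rule matches; anything unmatched is dropped."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst)
               and r.port in (None, port) for r in rules)

def flow_allowed(src_host, dst_host, port):
    """A new connection must be permitted by every firewall it crosses."""
    (src, zs), (dst, zd) = HOSTS[src_host], HOSTS[dst_host]
    lo, hi = sorted((zs, zd))
    return all(permits(FIREWALLS[i], src, dst, port) for i in range(lo, hi))

def audit(ports=(80, 1433, DB_PORT, 3389)):
    """Every cross-zone flow the rule set lets through (same-zone traffic is unfiltered)."""
    return {(a, b, p) for a, b in permutations(HOSTS, 2) for p in ports
            if HOSTS[a][1] != HOSTS[b][1] and flow_allowed(a, b, p)}

if __name__ == "__main__":
    for flow in sorted(audit()):
        print("ALLOWED", flow)
```

Any flow in the audit output other than user to IIS on port 80 and IIS to the database on its listener port indicates a rule that is wider than the layout intends.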
 