Linking Servers between Companies 1

[LonnieJohnson]

Is it possible for Company A to create a Linked Server on their SQL Server that connects to a database on the SQL Server of Company B?

We are working with a company and wanting to know the best way to share information between two companies and we both use SQL Server.



ProDev, Builders of Affordable Software Applications
Visit me at ==>

http://www.prodev.us

May God bless you beyond your imagination!!!

 

[MDCrab]

it's possible, but dangerous. The network engineer of the company that has the source server has to open up their firewall to enable this. That enables nasty people/nasty bots to try to hack into the source server.

 

[LonnieJohnson]

Is this still the case if you use a VPN?

ProDev, Builders of Affordable Software Applications
Visit me at ==>

http://www.prodev.us

May God bless you beyond your imagination!!!

 

[MDCrab]

Lonnie,

Re: VPN, I don't see what the difference is. The source database has to be opened up on the firewall. This invites hacking, malicious requests.

 

[danvlas]

VPN would be just fine.

Use local IP addresses to connect to the servers and that's it.

The firewall would block anything from the Internet, but allow VPN requests.

The risk is the same as if the servers were on the same network.

The invitation to hacking stays valid, but it is limited to 2 local networks and a sensible security model can keep you safe.

Under no circumstances should you allow direct access to tables (IMO not even Select).

Under no circumstances should you allow dynamic SQL to be executed.

HTH


Daniel Vlas
Systems Consultant

 

[SQLWilts]

I agree whole heartedly with Daniel. I have implemented this before, and went as far as read only access over views (NOT the tables) that were based over a dedicated database which I fed with only the data I wanted the other company to see.
Your data would not only be seen by the other company though - it could be downloaded, so be sure that you only release data that you are 100% happy for the other company to view, download, duplicate and (worse case scenario) sell!!

 

[LonnieJohnson]

Thanks guys. This is what I needed to know. Actually it is the other company that we need to get data from. I am with an agency that provides child welfare care for the state. We may be getting a contract with another state and they have all the data on their system about the kids. We have to use their front end. I need to access the backend to create reports for my company so we were pondering the most secure method of access live data that would make them comfortable.

Thanks again.


ProDev, Builders of Affordable Software Applications
Visit me at ==>

http://www.prodev.us

May God bless you beyond your imagination!!!

 

[mrdenny]

Have them backup the database, obfuscate what ever data needs to be obfuscated, then have them send it to you. This way you can create what ever reports are needed and get them back the statements.

Denny
MVP
MCSA (2003) / MCDBA (SQL 2000)
MCTS (SQL 2005 / SQL 2008 Implementation and Maintenance / Microsoft Windows SharePoint Services 3.0: Configuration / Microsoft Office SharePoint Server 2007: Configuration)
MCITP Database Admin (SQL 2005/2008) / Database Dev (SQL 2005)

My Blog