
How do I secure a connection to a MS SQL 2005 DB


Post by stagmannz » Tue Aug 14, 2012 11:02 pm

Hi,
I'm building an app that will manage a company's CRM requirements. So far so good and it will work fine on a local, but the owner has asked if I can allow his customer services staff to update customers' details and take phone orders which would be populated in the database.

The only concern I have is how to encrypt the passage of data between the client side and server. Will an SSL cert be enough or do I need something else?

Thanks
stagmannz
 
Posts: 15
Joined: Tue Feb 22, 2011 11:34 pm

Re: How do I secure a connection to a MS SQL 2005 DB

Post by dpayer » Wed Aug 15, 2012 8:30 am

stagmannz wrote: Hi,
I'm building an app that will manage a company's CRM requirements. So far so good and it will work fine on a local, but the owner has asked if I can allow his customer services staff to update customers' details and take phone orders which would be populated in the database.

The only concern I have is how to encrypt the passage of data between the client side and server. Will an SSL cert be enough or do I need something else?

Thanks


Other things to consider would be the app used to generate the PHP or ASP based forms that you use to put the data in the database from remote access with a browser. (You weren't thinking to allow people to log on to the server remotely and use your NB app were you? An SSL cert won't help with that or with anything your NB app does, except if you use a web browser component in your app and push data via that mechanism).

If the PHP or ASP (ASPX) is susceptible to intervention (SQL injection, etc.) your content on the database could be exposed. There are some good RAD tools to create those forms for you that will allow access based on credentials (even Windows domain based credentials) which can push data into your DB.

David P.
dpayer
 
Posts: 1383
Joined: Mon Apr 11, 2005 5:55 am
Location: Iowa - USA

Post by stagmannz » Wed Aug 15, 2012 2:30 pm

Thanks David... lol I'm not now!!

So, scrap the idea of allowing users to access the database from NB, build a webform and go that way? Is it not practical to use NB for the system as a whole due to security reasons?

Also, what RAD tool would you recommend to build a web based GUI?
stagmannz
 
Posts: 15
Joined: Tue Feb 22, 2011 11:34 pm

Post by dpayer » Thu Aug 16, 2012 8:17 am

stagmannz wrote: Thanks David... lol I'm not now!!

So, scrap the idea of allowing users to access the database from NB, build a webform and go that way? Is it not practical to use NB for the system as a whole due to security reasons?

Also, what RAD tool would you recommend to build a web based GUI?


Every tool has its strengths and weaknesses. You are comfortable with NB for what it does but when you are considering remote web access to production databases you need to have some good planning. When you open a path via the internet for legitimate access to your database, you also open a path for illegitimate access to same. How do you secure things so only the good guys get in? Or how do you limit access so if they get in part way, they can't break things?

With web based forms, you can authorize people with a username/pw to have access to the form. Then use an SSL cert on your webserver to encrypt the content as it travels through the network. With the right forms, you will limit access to certain tables you want them to interact with.

If you are working with a Windows server, you will have IIS installed already so you may want to consider ASP/ASPX based forms. Otherwise with either IIS or Linux/Apache you can use PHP. If you haven't decided on a platform, consider a LAMP / WAMP base (Linux, Apache, MySQL, PHP - OR - Windows, Apache, MySQL, PHP). Here is a list of such packages: http://en.wikipedia.org/wiki/Comparison_of_WAMPs

I have used WAMPServer and XAMPP successfully.


Here are a couple RAD form tools to look at. They are not overly expensive:
http://www.hkvstore.com/ (good forum - I've used the asp tool)
http://bigprof.com/appgini/ (good entry level tool - I know people using this)
http://dbqwiksite.com/ (seems quiet as a developer)
Here are some others from wikipedia: http://en.wikipedia.org/wiki/List_of_ra ... _RAD_Tools

Another idea is to put a Joomla site up and then use the web form tools you can easily install into it to push data into a DB. (some limits for editing database entries via web with this method though).

Good luck with your project!

David P.
dpayer
 
Posts: 1383
Joined: Mon Apr 11, 2005 5:55 am
Location: Iowa - USA
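
The advice in the reply above (limit the web form to certain tables, and keep the form from being open to SQL injection) can be enforced in the database itself. The T-SQL below is an added example for SQL Server 2005, not code from the thread or from any of the tools mentioned; `dbo.Customers`, `usp_UpdateCustomerPhone`, `crm_webform`, `crm_web_user` and `crm_web_login` are hypothetical names and the password is a placeholder.

```sql
-- Added example: least-privilege account for a web form (SQL Server 2005).
-- All object names are hypothetical; run as an administrator in a scratch database.

-- Sample table the form is allowed to work with (constructed for this example).
CREATE TABLE dbo.Customers (
    CustomerID INT IDENTITY(1,1) PRIMARY KEY,
    FullName   NVARCHAR(100) NOT NULL,
    Phone      NVARCHAR(30)  NULL
);
GO

-- The form never builds SQL text. It calls this procedure with typed
-- parameters, so whatever the user types is handled as data, not as SQL.
CREATE PROCEDURE dbo.usp_UpdateCustomerPhone
    @CustomerID INT,
    @Phone      NVARCHAR(30)
AS
BEGIN
    UPDATE dbo.Customers
       SET Phone = @Phone
     WHERE CustomerID = @CustomerID;
    RETURN @@ROWCOUNT;  -- 0 tells the caller that no such customer exists
END
GO

-- Login used only by the web server. Placeholder password: replace it.
CREATE LOGIN crm_web_login WITH PASSWORD = 'REPLACE-with-a-Long-Random-Passw0rd';
CREATE USER crm_web_user FOR LOGIN crm_web_login;
CREATE ROLE crm_webform;
EXEC sp_addrolemember 'crm_webform', 'crm_web_user';
GO

-- Grant only what the form needs. The procedure and the table share the
-- owner dbo, so EXECUTE is enough for the update (ownership chaining);
-- the role gets no INSERT/UPDATE/DELETE on the table and no db_owner role.
GRANT SELECT  ON dbo.Customers               TO crm_webform;
GRANT EXECUTE ON dbo.usp_UpdateCustomerPhone TO crm_webform;
GO

-- Check 1: list what the role can actually do.
SELECT pr.name, pe.permission_name, pe.state_desc,
       OBJECT_NAME(pe.major_id) AS object_name
  FROM sys.database_permissions pe
  JOIN sys.database_principals pr
    ON pr.principal_id = pe.grantee_principal_id
 WHERE pr.name = 'crm_webform';

-- Check 2: confirm current connections to the server are encrypted.
SELECT session_id, encrypt_option, auth_scheme
  FROM sys.dm_exec_connections;
```

The SSL certificate on the web server covers the browser-to-web-server leg only; the second check shows whether the web-server-to-SQL-Server leg is encrypted as well (`encrypt_option` reads `TRUE`).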

