
SQL Server Advice Wanted


kwilliams


First off, I'm using SQL Server 2k for the backend and ASP.NET/VB.NET for the front-end.

A few questions were posed to me by my boss, and I'd like to get some constructive advice on what he's requesting, and what my answers were to him. Ok, here they are:

1) Data Export from Internet Server to Intranet Server

Current Setup: We have 2 copies of each table. One is on the web server for display purposes only, and another is on the internal server where editing is done through front-ends.

Boss's Suggested Setup: He wants to have 1 copy of each table that resides on the internal server, and set up jobs to export certain data from the web server to the internal server.

My View: I think that if this is possible, it's not a good idea to do for security reasons. I think that it would just open us up to possible hacking directly onto our internal server.

Questions:
Can you export data from the web server to the internal server when data is edited on the web server?
If so, how secure is it to have that setup?

2) Encryption/Decryption

Description of Situation: We currently have a DB table that contains a password column that's not encrypted. My boss wants to encrypt that column directly in the DB table. I researched the subject at this and other forums, and read several accounts about how difficult it is to use encryption within SQL Server. I read from several sources that the two functions used by some (pwdencrypt and pwdcompare) are not supported by Microsoft, so you're on your own if you have any problems. Also, I read that some developers had problems when they upgraded to a newer version of SQL Server.

Questions:
1) Which setup is better with encryption/decryption:
A) Doing it within SQL Server 2k
B) Doing it on the front-end with the keys stored in a secure directory

My View: I'd only like to use a solution within SQL Server that doesn't run into the previously mentioned set of problems. If there is no way to accomplish this, I think that it would be better to do the encryption/decryption on the application's side of things.

Ok, that should do it. I hope to hear some good advice. Thanks.


1) Yes, it is possible. It isn't any less secure either way. Red Gate has some really awesome tools for synchronizing database structures and content between servers.

That's good to know, but I'd really like to avoid using a 3rd-party vendor, as we are a local government, and it's not easy to get those approved. So if I was to set this up on my own with a DTS pkg, how secure would that be? That seems like it could open up a small hole for any possible hackers.
