Very Computer

by **Todd Mitchel** » Tue, 10 Feb 1998 04:00:00

Hi,
We on our web team would like to install a SQLserver that would be accessed
by an IIS web server through a reverse proxy and ultimately provide info for
the Internet client and more sensitive info to the Intranet community. We
intend to have the IIS box and the SQLserver both connected to our internal
network for upload and publishing capability. Our security gods our having
a lot of heartburn about all this, stating a severe lack of security from
hackers because of Microsoft's less than secure reputation (they quote
specific "CERTs" (sp?) ).
Has anyone used this system this way or configured other ways which would
allow us to publish to our IIS box and have semisecure data on our SQL box
and still have it accessible to the outside world.
I know this all sounds very confusing but it's a difficult picture for me
to paint without a whiteboard :-)

Thanks in advance for any insights,

tjm

--
Todd Mitchell
Webmaster Rockwell Collins Inc.
400 Collins Road
Cedar Rapids, Iowa 52498

by **Marvin Mille** » Tue, 17 Feb 1998 04:00:00

I've probably misunderstood you but....

I'm running a web site that is reverse Proxy'ed using SQL as a
datasource (my catalog)

I don't understand what the problem is? As the site serves up pages it
just grabs the info from SQL that it needs and serves it.
Any private information should be properly protected by
username/passwords/authentication protocols correct?

I am assuming that your publishing is done internally on the LAN
however. If you mean logging on to SQL from *outside* the network and
doing work that way, I'm not sure.

Hope this helps in some way,

Marvin

> -----Original Message-----

> Posted At: Monday, February 09, 1998 2:16 PM
> Posted To: server
> Conversation: sqlserver to the external world behind a reverse proxy
> Subject: sqlserver to the external world behind a reverse proxy

> Hi,
> We on our web team would like to install a SQLserver that would be
> accessed
> by an IIS web server through a reverse proxy and ultimately provide
> info for
> the Internet client and more sensitive info to the Intranet community.
> We
> intend to have the IIS box and the SQLserver both connected to our
> internal
> network for upload and publishing capability. Our security gods our
> having
> a lot of heartburn about all this, stating a severe lack of security
> from
> hackers because of Microsoft's less than secure reputation (they quote
> specific "CERTs" (sp?) ).
> Has anyone used this system this way or configured other ways which
> would
> allow us to publish to our IIS box and have semisecure data on our SQL
> box
> and still have it accessible to the outside world.
> I know this all sounds very confusing but it's a difficult picture
> for me
> to paint without a whiteboard :-)

> Thanks in advance for any insights,

> tjm

> --
> Todd Mitchell
> Webmaster Rockwell Collins Inc.
> 400 Collins Road
> Cedar Rapids, Iowa 52498