Can you update a remote web sql database securely? - sql

We have sql 2000 databases on our internal network secured behind ISA Firewall. Up till now we have not opened tcp port 1433 to allow external sql traffic in or out. We also have a remote external website with a later version of sql on.
Is there any way to update the external database from our internal network without increasing the chance of anyone hacking into our internal network?

The Sync Framework does this for most cases. I'd recommend against opening up your firewall to allow anyone to connect to your database server - that's pretty much inviting hackers to own your data.
The Sync framework works natively with SQL Server 2000 SP4 and later - though you can probably find a provider for older versions if you try. By using a provider framework, Sync can in principle connect to any data source.

Related

Connecting to SQL server through the internet using matlab JDBC

I made a GUI software in Matlab that will access my SQL server database. So far, I have been able to access the database from all of the computers in my lab. However, these computers are all on the same network, and the database will need to be accessed through networks outside of the lab. I can already access my database using another instance of SQL Server from my home. My question is, is it possible to access my database from an outside network using Matlab and the JDBC driver?
Here is the TechNet article: http://technet.microsoft.com/en-us/library/ms175483%28v=sql.105%29.aspx
Main things are: TCP/IP libraries enabled on SQL Server(that better be on anyway). Incoming ports enabled. Defaults are TCP 1433 and UDP 1434, but you may have changed those during installation if you used named instances of SQL SErver.

Online SQL Server database accessed from my software

I have been working on the software using a SQL Server database. Now I am in the phase when I would like to provide this software for other people, but I don't know how to manage the database. The thing is that it is really inconvenient when installing my software to also install SQL Server at the users computer (many unexpected thing could happen).
Therefore I thought that I would pay for web hosting with SQL Server, but it is:
Expensive (just for database with few tables).
Most of the web hosting don't offer remote access to the SQL Server database (so I can't connect there from my software).
So there is my question, what would you do? My own virtual server? (even more expensive), or would you install SQL Server on users computer? Or do you know where to get only SQL Server hosting for low costs?
I don't advice using a remote SQL Server. SQL Connections strongly depend on network connection and the Internet is not "stable" enough for that. There are also performance issues that will make your application completely useless.
One important thing you didn't mention is whether different users will share the same data or will have their own. If each user will use their own data you can install a "local" SQL Server Edition (SQL Compact Edition, here is the reference)
http://msdn.microsoft.com/en-us/library/aa983341(v=vs.110).aspx
In case several users will share the same data, you shouldn't rely on the database solely. One possible approach is having an Application server that implements business logic whereas your desktop application stays actiong as a "dumb" client. This is a lot better for performance and reduce data transfer problems. You can implement webservices for you application server. This is a good solution as the data is transfered from he application server to the clients through HTTP/HTTPS and this relieves you from dealing with ports and other communication issues. An alternative is using Microsoft Communication Framework (WCF)
Good luck!

Can SQL Server Express LocalDB be connected to remotely?

I am looking into using the new SQL Server Express LocalDB (I think it is code named "Denali") for a desktop application.
It is currently running with SQL Compact, but the user is wanting to share the database between multiple PCs on a network. Unfortunately this is not something that SQL Compact can do, so I am investigating other solutions.
The client requires the ability to send database files easily to other sites or to back them up to a flash disk, so I am avoiding going to SQL Express because there is quite a bit of "administrator" knowledge required to backup and restore.
So, my questions is, does the new SQL Express LocalDB support remote connections to the database over a network and/or through a shared network folder with the mdf file in it?
LocalDB does support supplying a path for an attached local DB in it's connect string (AttachDbFileName) hence the shared network folder option.
NOTE: This question pertains to "LocalDB" the new version of SQL Express 'Denali' and not to SQL Server Express 2008 or prior.
See article here announcing LocalDB's release: http://blogs.msdn.com/b/sqlexpress/archive/2011/07/12/introducing-localdb-a-better-sql-express.aspx
No, SQL Server Express LocalDB doesn't accept remote connections.
The idea with shared network folder might work, but only if you are able to make sure the LocalDB instance is shutdown before you try to copy the file. Also keep in mind that only one LocalDB instance can have any given database file open at the same time. and don't forget about the log files!
Additional security warning: unlike SQL Server Compact databases, SQL Server Express databases (including LocalDB ones) are not designed as secure data exchange format. For instance, they can contain malicious code in .NET assemblies embedded in them. So you should never open databases from untrusted source.
Maybe providing the customer with a simple tool that automates the backup process would be a better idea?
This isn't a fresh thread, but I would like to share my experience with SQL Server Express database LocalDB.
I have a WPF C# project using SQL database with LocalDb Engine. It is working fine no problem, I can use the database with the WPF app. I wanted this app to work on network with more PCs.
On the network another PC can use the database from my PC using UNC path in the connection string.
It seemed to me the remote connection is working. However when the remote PC is connected, I am not able to use the database with my local WPF app. If I run my app first the remote PC could not connect. So this tells me that the remote connection is working, but the multiple connection is not allowed.
OK, I didn't give up and I run the app from my PC twice and I saw it is working which tells me that the same SQL LocalDB engine can handle multiple connections locally only.
I hope this experience will help someone. Thanks.
In short, yes it can. Here is a tutorial on how to configure it.
Also, here is another post with a potential issue that might occur.
Both explain how to configure SQL Server Express to accept Remote Connections.

ODBC via ssh tunnel to a 3rd machine

At work we have a SqlServer database that cannot be connected to from outside our internal network. If we want to work remotely we can ssh into several other servers on our network and then work via X Forwarding so the development applications have access to the database.
This is annoying for a bunch of obvious reasons such as latency in the IDE and I'm wondering how I could tunnel the database connnections back to my machine. It seems like this should be possible but I'm not sure how to do it since there's has to be an intermediate step in between. This question is similar to what I want to do but only works for going directly to the db server if I understand it correctly.
I'm asking specifically about ODBC because that's the driver the application already uses. If there is a more general solution I would of course be open to that.
What I want to do is
Local machine (Linux) -> Server (Linux) -> Database connection to DB (Sql Server)
Well, as you say, if you wanted to directly use a encrypted connection to SQL Server you could just use Linux driver that give you that, and most I think do. You could use a bridge as already suggested. But It might be possible using socat. What driver are you using on the local machine? I will have a quick play and see how it works.
The OpenLink Software - Multi-tier ODBC Driver for SQL Server might help you out here...
It has a client server architecture as which can easily be configured in a three-tier (client/proxy/server) architecture as follows --
Linux Client -
ODBC Application
OpenLink Generic ODBC Driver (Multi-tier client component)
Linux Proxy -
OpenLink Request Broker (Multi-tier server component)
OpenLink Database Agent for SQL Server (Multi-tier server component)
Windows Server -
SQL Server DBMS

How do I speed up my application connecting to MS SQL Server?

I have a Delphi application running on SQL Server 2000, but it's taking awfully long to connect to the database!
But when I run this application on my development server it connects pretty fast!
I am running on Windows 2003 server, SQL Server 2k personal edition, when I look on my MDAC version in the registry, I see version 2.8 already installed!
Any ideas why this happens on the production machine but not on the development machine?
There's a reasonable chance that this is down to a network level issue connecting to the database. Depending on whether you're running the application and database on the same box of course.
Try connecting to the database from the same machine using a different tool. You could set up a data source and test it from the control panel as an alternative. If the connection is slow from another tool test the connectivity between the servers for other types of connection (e.g. run a ping). It may be that it's resolving the server via broadcast rather than the domain, for instance. Or any number of other issues - firewall, switch, wins etc.
If you are connecting using integrated authentication also ensure that the database can resolve the application server as well as vice versa. This is part of the authentication process and I've seen it cause slow downs in creating database connections before.
In short, I'd be confident that this isn't a problem specific to delphi / sql, but something in the communications between your production servers.
Good luck!
Keep your connection open once you have established it. This is called connection pooling and will improve performance. I have no clue how to do it with a delphi application.
Your problem most likely is network or transport layer related
Are you connecting through TCP, Named Pipes or another mechanism?
Have you tried tracing opening a connection with Microsoft SQL Profiler?
regards,
Lieven
I had a problem a long time ago like this, and it came down to the workstation section of the connection string. its possible if you've copied the connection string from your dev machine that the workstation parameter is still in the connection string and pointing to your dev machine which probably does not exist on your deployment network.
In this case your connection to the database has to wait until the network tries to connect ot a non-existant machine (which obviously takes time). Remove the workstation cluse and it will speed up no end.