| Author |
Topic |
|
c567591
Starting Member
8 Posts |
 Posted - 2006-02-23 : 18:18:26
|
| How can I restrict access to SQL Server to only certain IP's or Computers? |
|
|
Merkin
Funky Drop Bear Fearing SQL Dude!
4970 Posts |
Posted - 2006-02-23 : 18:39:45
|
| With a firewall. The IP policy in Windows will do the job too, however it's not something you want to play with on a live server if you are unsure of what you are doing.Damian"A foolish consistency is the hobgoblin of little minds." - Emerson |
 |
|
|
afrika
Master Smack Fu Yak Hacker
2706 Posts |
Posted - 2006-02-23 : 18:56:17
|
| Also note, if you do have users access data via a web app, you could restrict users via your web app front end.Does this help ??? |
|
|
|
Merkin
Funky Drop Bear Fearing SQL Dude!
4970 Posts |
Posted - 2006-02-23 : 19:10:21
|
quote:
Originally posted by afrika
Does this help ???
Not really  Damian"A foolish consistency is the hobgoblin of little minds." - Emerson |
|
|
|
c567591
Starting Member
8 Posts |
Posted - 2006-02-23 : 19:50:05
|
| No, I need access to it too.I want to restrict to these certain IPs/Computers so only they can talk to it. |
|
|
|
c567591
Starting Member
8 Posts |
Posted - 2006-02-24 : 09:36:56
|
| What if I did this:Internet <---> IIS Server <-- 2nd nic in IIS server --> SQL ServerOnly give the SQL server an internal IP.To manage it I would have to connect to the IIS server.Thoughts? |
|
|
|
Merkin
Funky Drop Bear Fearing SQL Dude!
4970 Posts |
Posted - 2006-02-24 : 17:20:40
|
| Have you even considered my first answer ?Damian"A foolish consistency is the hobgoblin of little minds." - Emerson |
|
|
|
MichaelP
Jedi Yak
2489 Posts |
Posted - 2006-02-24 : 17:34:15
|
| c567591 (nice username btw!)Your post about Internet --> IIS Server -->SQL Server is a pretty good setup. You don't want your SQL server connected to the Internet. Connecting it to the Internet may allow it to catch worms, virii, etc.If you still need IP control, Merkin's suggestion of access lists in a firewall is the way to go. That access list would determine who can hit the IIS server, and thus the SQL server, from the outside world. This would not limit what IP's could hit that server from the inside world. It also is a good idea to put your "inside" network on a 192.168.*.* ip addressing scheme. That will allow you to save those external IP's as well as give you a bit more security.Michael<Yoda>Use the Search page you must. Find the answer you will. Cursors, path to the Dark Side they are. Avoid them, you must. Use Order By NewID() to get a random record you will.</Yoda> |
|
|
|
c567591
Starting Member
8 Posts |
Posted - 2006-02-24 : 18:07:27
|
quote:
Originally posted by Merkin
Have you even considered my first answer ?
Yes, I was looking into what I need to do to set that up.I won't have a firewall available, and I don't know what I'm doing with the windows restrictions to set that up.Can you elaborate on that some more? |
|
|
|
MichaelP
Jedi Yak
2489 Posts |
Posted - 2006-02-24 : 18:26:35
|
| Well, if you don't have a firewall, do this:Internet <---> IIS Server <-- 2nd nic in IIS server --> SQL ServerIf you got a firewall, set it up like this:Internet <--> Firewall <---> IIS Server <-- 2nd nic in IIS server --> SQL ServerMichael<Yoda>Use the Search page you must. Find the answer you will. Cursors, path to the Dark Side they are. Avoid them, you must. Use Order By NewID() to get a random record you will.</Yoda> |
|
|
|
Merkin
Funky Drop Bear Fearing SQL Dude!
4970 Posts |
Posted - 2006-02-24 : 22:49:34
|
| You using Windows 2000 or 2003 ?Have a look at these articleshttp://online.securityfocus.com/infocus/1559http://online.securityfocus.com/infocus/1566Damian"A foolish consistency is the hobgoblin of little minds." - Emerson |
|
|
|
c567591
Starting Member
8 Posts |
Posted - 2006-02-27 : 11:43:02
|
| Win2003 |
|
|
|
|
Restrict SQL Access to certain computers/IP's