Using SSL encryption

  • We host a number of different databases for different clients who all use our application on a SQL 2012 default instance. Customer A connects to database A, Customer B to database B, etc.
    One of our clients has asked if they can have the ability to connect directly to one of their databases, which means we need to expose our SQL Server port directly to the outside world.
    They do not want to use a VPN.
    They would have to use SQL Server logins.

    If we enable SSL encryption to enhance security, would every other client (customer) who connects to the database require the certificate to be installed as well, or can this be done on a customer-by-customer basis (or, in other words, on a database-by-database basis)?


  • Presuming you're talking about the option to "enforce encryption" in the SQL Server network properties in Configuration Manager: if you don't set it to "Enforce Encryption - Yes", then the other clients can connect without a certificate.
    BUT this is server-wide, not per-database, AND it would mean anyone trying to come in over the internet would not need the cert, either.

    Really, to me, this whole possible setup reeks of a "Very Bad Idea". As you / your organization are responsible for the safety and security of the SQL Server and the databases that reside on it, the answer to the client in question should be either a resounding "NO" or "You want to do this, you do it through a VPN, or not at all." But also give them the reasons why you will not let them do this.

    If they persist, or upper management at your organization says to do it: first, get it all in writing; second, I'd push to split the client off to their own dedicated SQL Server, which would be completely separate (both logically and physically) from your other clients, so that when (not if, when) their server gets hijacked, no one else is impacted.
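    A way to see the server-wide effect described above in practice, as an added example that is not part of the original post: "Force Encryption" is an instance setting, so the only per-client view you get is which connections actually ended up encrypted. The query below reads the connection DMVs and reports the encryption state, authentication scheme and client address for every user session, so you can confirm whether a given SQL login coming in from outside is on TLS or in the clear. It assumes the VIEW SERVER STATE permission and a SQL Server 2012 or later instance (sys.dm_exec_sessions.database_id exists from 2012).

```sql
-- Added example, not from the original thread: audit which current sessions
-- are actually encrypted. Encryption is decided per connection by the
-- instance-wide Force Encryption setting plus the client's connection
-- string, never per database, so this is the check that matters.
-- Requires VIEW SERVER STATE; database_id in sys.dm_exec_sessions needs SQL 2012+.
SELECT s.session_id,
       s.login_name,
       s.host_name,
       DB_NAME(s.database_id)  AS database_name,      -- which customer database the session is in
       c.client_net_address,                          -- where the client is really coming from
       c.encrypt_option,                              -- 'TRUE' only if this connection is using SSL/TLS
       c.auth_scheme,                                 -- 'SQL' for SQL Server logins, 'NTLM'/'KERBEROS' for Windows
       c.connect_time
FROM sys.dm_exec_sessions    AS s
JOIN sys.dm_exec_connections AS c ON c.session_id = s.session_id
WHERE s.is_user_process = 1
ORDER BY c.encrypt_option, s.login_name, s.session_id;

-- Narrow it to the exposed login only (hypothetical login name, an assumption
-- for the example) to spot any unencrypted session for that customer:
SELECT s.session_id, c.client_net_address, c.encrypt_option
FROM sys.dm_exec_sessions    AS s
JOIN sys.dm_exec_connections AS c ON c.session_id = s.session_id
WHERE s.login_name = 'customer_a_login'
  AND c.encrypt_option = 'FALSE';
```

    If Force Encryption is left at No so the other customers keep working without the certificate, the external client can still get an encrypted session by asking for it in its own connection string (Encrypt=True with TrustServerCertificate=False, so the server certificate is actually validated); the second query above is how you would verify that they really are.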

  • Yes, I was talking about the option you set in SQL Server network properties in Config Manager.
    Your thoughts actually reflect what I initially said when this was proposed, in that I said it should be via a VPN or not at all. Upper management did agree that we should be dictating to them and not vice versa.

    We have actually also decided to move their database to a dedicated server.

  • Are they at a known office or at random internet locations? If the former, there are other solutions, including IP limitations and/or IPSec at the networking layer. Similar to a VPN, but it can be transparent.

    If I had to do this, I'd really make a strong case for why this is a bad idea and absolve myself of any blame if this doesn't work well. I'd also try to ensure each client was on a different instance. At least that way, one lost laptop from one client doesn't affect all the others. As it is now, as Jason noted, this is one cert for all clients.

  • I would strongly recommend NOT going this route and instead finding out WHY the client wants access.

    In other words, go back to the initial question for which they think the answer is "connect directly to the database".
    Quite likely another solution can be found that gives them what they want without direct access to SQL Server.
