sqlfriends (8/7/2012)
The SQL server is behind the firewall.The developer said the web server is outside of the firewall. ( I doubt this is right or not)
Should the web server be outside firewall if want external people like parents access it?
If web server is outside firewall, sql server is inside firewall, do we need to do something like open port 1433 through firewall?
I am a little confused about the security.
Thanks
You can put both the webserver and the sql server on the internal network, with this configuration you would need to employ a reverse proxy. This can be quite secure and provide good performance when set up correctly.
Putting the webserver outside the internal LAN in your DMZ is a typical configuration and would require TCP ports to be opened. If you're smart you'll change the sql server instance port to something non standard and use the IP\port in the webserver connection string. This will negate the need to open the SQL Server browser ports.
-----------------------------------------------------------------------------------------------------------
"Ya can't make an omelette without breaking just a few eggs" 😉