May 20, 2005 at 6:03 am
We are running a SQL 2000 Clustered environment (2-node). A vendor outside our domain wants us to set up a linked-server so they can run querries against one of our databases and retrieve images to store back in their database.
What kinds of issues could I possible encountered if I set this up? Will there be any problem with connection if a node in the cluster goes down? What kind of security issues should I watch for since the vendor is not a member if our domain?
May 20, 2005 at 7:01 am
I guess #1 is how does your companies IS security team feel about a vendor having direct access to your companies information? Why not have a "honey pot" server that gets the information replicated to it (ONLY the information required) and give access to that server?
Good Hunting!
AJ Ahrens
webmaster@kritter.net
May 20, 2005 at 12:56 pm
I think this is highly unadvisable. Linked Servers have their place, but they tend to be rather large security holes. First off, you would have to use SQL authentication with the username and password being sent across the internet. Even if it is encrypted, that would tend to keep me up at night if my database was important or contained sensitive data...
Whatever you do, if you wind up using a Linked server, do NOT alias the remote user as a highly privleged user (sa, dbo, ddladmin etc...) I might even create a view and give the linked server user SELECT access to only the view. And make sure that the Public role is locked down tight!
/*****************
If most people are not willing to see the difficulty, this is mainly because, consciously or unconsciously, they assume that it will be they who will settle these questions for the others, and because they are convinced of their own capacity to do this. -Friedrich August von Hayek
*****************/
Viewing 3 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply