| 5:23 pm on Dec 22, 2010 (gmt 0)|
My opinion is that they are going about things the wrong way. Instead of blacklisting IPs that are denied access, they should whitelist IPs that ARE allowed access (and block everyone else).
Is there a particular reason why anyone other than your web sites (and except for maybe a handful of IPs belonging to DBAs) should have direct access to your database?
| 6:15 pm on Dec 22, 2010 (gmt 0)|
erm, a few lines of asp.net code validating each password logon attempt , session cookies, validating logon attempts to user ip , account lockout,,
at least one popular forum software has this built in, php tho, but can be done in asp.net
| 7:56 pm on Dec 22, 2010 (gmt 0)|
Yes guys I finally found some info to give them and have. It just flat drives me nuts with the put me off attitude. I will stay on this very hard.
Life I feel the same way when I started asking why I am getting all these errors in my WM account and was told how this was being addressed.
| 11:30 am on Dec 23, 2010 (gmt 0)|
Is it SQL Server - change from the default port number for a start if on webserver
| 2:52 pm on Dec 30, 2010 (gmt 0)|
If your database server is on the same local network as your web server, which it should be, you should be able to black list all database connections not coming from your local network. Either that, or white list any web server that you want to login to your database, and block the rest.
If the database is on the same machine as the web server, you can allow local host connections only.
Pretty much any web guy can do either one of these changes in < 10 min, so they shouldn't put you off for to long..