OLEDB security

Forum Moderators: open

Message Too Old, No Replies

OLEDB security

How secure is an OLEDB connection?

tawny_owl

4:18 pm on Sep 8, 2006 (gmt 0)

We have a SQL database on the web which stores orders taken from our website.

I'm going to connect to this using MS Access running locally on an office PC, then query the SQL database.

Just wondering how secure the OLEDB connection is. How easy would it be for someone else to intercept the data?

Thanks in advance.

Easy_Coder

4:43 pm on Sep 8, 2006 (gmt 0)

oledb requires full trust which is the highest level on a machine (the opposite of good). Oh, and is the data encrypted?

mrMister

4:13 am on Sep 9, 2006 (gmt 0)

You'll be sending data, including your databse password unencrypted across the Internet. Anyone in control of a machine through which your packets pass could easily sniff the data if they were so inclined.

To secure the data you could tunnel the OleDb connection through SSH. An other option would be to connect directly to the machine rather than passing the data across the Internet.

vincevincevince

4:46 am on Sep 9, 2006 (gmt 0)

Or write a web-interface and run it on a properly secured SSL server

aspdaddy

3:20 pm on Sep 10, 2006 (gmt 0)

You have 3 big problems with that approach 1) exposing SQL ports to the www, 2) using sql authentication 3) sending the user/pass and data over the web unencrpted.

An other option would be to connect directly to the machine rather than passing the data across the Internet.

What are you suggesting there? to just turn up at the hosting company ;)

tawny_owl

11:58 am on Sep 11, 2006 (gmt 0)

In response to aspdaddy's post, the SQL ports are already exposed to the www because I can connect to the server using SQL Enterprise Manager running on my PC. It seems to be my ISP's default setting.

How do I tunnel the OleDb connection through SSH as mrMister suggests?

Also, If I connected a local copy of SQL server - i.e. SQL Server to SQL Server, would this be any more secure than connecting Access to SQL Server?

mrMister

6:20 pm on Sep 14, 2006 (gmt 0)

An other option would be to connect directly to the machine rather than passing the data across the Internet.

What are you suggesting there? to just turn up at the hosting company ;)

A direct link between two machines, Dial-up would be the cheapest (using point to point protocol). ISDN is another option and some companies do it with leased lines.

[edited by: mrMister at 6:20 pm (utc) on Sep. 14, 2006]

aspdaddy

8:01 am on Sep 19, 2006 (gmt 0)

you mean like using rasdial over PPTP?

mrMister

4:51 am on Sep 21, 2006 (gmt 0)

you mean like using rasdial over PPTP?

No I mean a direct PPP connection.

PPTP is PPP tunnelled via the Internet. I guess that'd work for the job as long as encryption was implemented, it'd be a similar solution to SSH tunneling.

[edited by: mrMister at 4:57 am (utc) on Sep. 21, 2006]

OLEDB security

How secure is an OLEDB connection?

tawny_owl

Easy_Coder

mrMister

vincevincevince

aspdaddy

tawny_owl

mrMister

aspdaddy

mrMister

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week