3

We are setting up an IIS Server on Windows Server 2012 in a DMZ, running off-domain. This server requires access to SQL Server 2005 on the other side of the firewall, inside our domain.

We plan to use SQL Server authentication to achieve this, which means our ASP.NET application will need to know the user id and password. What is the best way to hide this information on the IIS server? We were thinking either embed it in the source code, or encrypt it and put it on a file.

But is there a better way altogether?

Mr Black
  • 133
  • 5
  • 2
    The best way is trusted connections. As for securing your connection string, a common way of doing it is to put in a config file, set your application pool to run under a specific single-use, strong-password account, and then give *only* that account access to that file. – Mark Henderson Feb 20 '14 at 04:09
  • Hi Mark, many thanks for your answer. Our IIS Server is running off the domain in the DMZ - is it still possible to use a trusted connection? – Mr Black Feb 20 '14 at 04:18
  • 2
    You have to do it oldschool style; create matching accounts on both systems with the same password. I've also heard of people creating a security association on the SQL Server (by say, accessing a share), and then using named pipes. – Mark Henderson Feb 20 '14 at 04:35
  • 1
    No worries; I didn't really meant to answer the question in the comments it just kinda happened. So I've posted it as a real answer below. – Mark Henderson Feb 20 '14 at 05:33

1 Answers1

4

Answer from comments above

The best way is trusted connections. As for securing your connection string, a common way of doing it is to put in a config file, set your application pool to run under a specific single-use, strong-password account, and then give only that account access to that file.

Seeing as you're not on a domain, to do trusted connections you have to do it oldschool style; create matching accounts on both systems with the same password.

I've also heard of people creating a security association on the SQL Server (by say, accessing a share), and then using named pipes. But I don't recommend this as it would be quite fragile.

Mark Henderson
  • 68,823
  • 31
  • 180
  • 259
  • Many thanks Mark. One final question - is it a better practice to put everything on your firewall and just have a Reverse Proxy sitting in your DMZ? Is that modern "best practice" ? – Mr Black Feb 20 '14 at 06:31
  • 1
    @MrBlack - not really; if you have have a vulnerability in your web app, you're just going to proxy requests inside your protected network. It's always a tradeoff between security and functionality; web server outside, SQL server inside, only open :1433 between the web server and the SQL server's firewall, etc etc. Security in depth is a wide subject that I don't pretend to know enough about. – Mark Henderson Feb 20 '14 at 09:10