Accessing SQL Server

Hi Group,

I have my IIS webserver outside the fire wall and my SQL Server is behind the firewall . Can IIS Still access the SQL Server for ASP pages, is it for this situation do i need to open the port no 1433 in the firewall for SQL Server, if so is there any security threat?
Thank You for your Time
Krishna<sarcasm mode="on">
Security threat? This is Microsoft, you don't need to worry about security!
<sarcasm mode="off">

Sorry about that.

Yes, if you have a firewall and your IIS server is outside the firewall, then you will need to open up port 1433 to allow traffic from your web server back to your SQL server. You should be able to do this in such a way that the 1433 traffic MUST originate from the IP address of the web server.

Regards,

Hugh Scott

Notes:
1. Sorry again for the sarcasm, I couldn't overlook the opportunity.
2. You should be VERY cautious with your ASP pages. It would be far more secure to avoid any ADO references in the ASP pages. Instead, consider creating DLLs that embed the ADO and expose properties and methods that you can access from ASP.
3. Be sure to avoid putting connection information in your ASP. At a minimum, try putting the connection info in the global.asa file or in include files that are in a directory with tighter security.
4. Finally, be sure than you "cleanse" user input of any characters that might be used in a SQL injection attack ("%" "," "'" ";"). there are other characters, but these are the bigger ones.

Originally posted by mellamarthy
Hi Group,

I have my IIS webserver outside the fire wall and my SQL Server is behind the firewall . Can IIS Still access the SQL Server for ASP pages, is it for this situation do i need to open the port no 1433 in the firewall for SQL Server, if so is there any security threat?
Thank You for your Time
Krishna