Q

Secure method of providing authentication to SQL databases


A recent article on the SANS site recommends that user IDs and passwords for Web applications to authenticate to database servers should NOT be stored in scripts. What is a secure method of providing Web application authentication to SQL databases? My environment: Web servers on separate firewalled DMZ allowing HTTP/S from Internet; SQL database servers on internal network behind same firewall, allowing port 1433 from Web server IPs to SQL server IPs. SQL user ID and password are stored in file on Web servers.


I recommend using Secure Shell (SSH) to help securely authenticate and encrypt the connection from a Web server to a database server. As long as the connection uses TCP, you can implement SSH with port redirection for any type of service. All data can use the public-key authentication mechanisms of the SSH channel and will be encrypted as it passes between the systems. You need to put an SSH client on the Web server and an SSH server on the database server. You can get free, open source implementations of SSH at www.openssh.com or commercial versions (including Windows versions) at www.ssh.com. When using SSH, please make sure to use SSH Protocol Version 2, as the earlier incarnation of the protocol has security flaws.
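
The port-forwarding setup described in the answer, sketched as an added example that is not part of the original answer. The host name, account name and key path are assumptions, and the `authorized_keys` options assume an OpenSSH server recent enough to support `restrict`.

```shell
#!/bin/sh
# Added example: every name below is a hypothetical placeholder.
DB_HOST="db01.internal.example"        # SSH server on the database host (assumed)
TUNNEL_USER="sqltunnel"                # unprivileged account used only for forwarding (assumed)
KEY_FILE="/etc/webapp/tunnel_ed25519"  # private key readable only by the tunnel's service account (assumed)
LOCAL_PORT=1433                        # the Web application connects to 127.0.0.1:1433
REMOTE_PORT=1433                       # SQL listener on the database host

# Print the client command the Web server runs to hold the tunnel open.
#   -N                     no remote command, forwarding only
#   BatchMode              never prompt; fail if key authentication fails
#   IdentitiesOnly         offer only the key named with -i
#   ExitOnForwardFailure   exit instead of running without the forward
#   -L 127.0.0.1:...       bind the local end to loopback only
tunnel_cmd() {
    printf 'ssh -N -i %s -o BatchMode=yes -o IdentitiesOnly=yes -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -L 127.0.0.1:%s:127.0.0.1:%s %s@%s\n' \
        "$KEY_FILE" "$LOCAL_PORT" "$REMOTE_PORT" "$TUNNEL_USER" "$DB_HOST"
}

# Build the authorized_keys entry for TUNNEL_USER on the database server.
# "restrict" turns off shell, PTY, agent and X11 forwarding; "port-forwarding"
# re-enables forwarding, and "permitopen" limits it to the SQL port, so a key
# stolen from the Web server cannot be used for a login shell.
authorized_keys_line() {
    pubkey=$1
    case "$pubkey" in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) ;;
        *) echo "refusing: input is not an OpenSSH public key" >&2; return 1 ;;
    esac
    printf 'restrict,port-forwarding,permitopen="127.0.0.1:%s" %s\n' "$REMOTE_PORT" "$pubkey"
}

# Usage:
#   tunnel_cmd                                     # command to run under a service supervisor
#   authorized_keys_line "$(cat "$KEY_FILE.pub")"  # line to append on the database server
```

With the tunnel up, the application's connection string points at 127.0.0.1 on the local port, and the firewall rule between the DMZ and the internal network only needs to allow the SSH port to the database server.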




This was first published in June 2002
