
Secure method of providing authentication to SQL databases

A recent article on the SANS site recommends that user IDs and passwords for Web applications to authenticate to database servers should NOT be stored in scripts. What is a secure method of providing Web application authentication to SQL databases? My environment: Web servers on separate firewalled DMZ allowing HTTP/S from Internet; SQL database servers on internal network behind same firewall, allowing port 1433 from Web server IPs to SQL server IPs. SQL user ID and password are stored in a file on Web servers.

I recommend using Secure Shell (SSH) to help securely authenticate and encrypt the connection from a Web server to a database server. As long as the connection uses TCP, you can implement SSH with port redirection for any type of service. All data can use the public-key authentication mechanisms of the SSH channel and will be encrypted as it passes between the systems. You need to put an SSH client on the Web server and an SSH server on the database server. You can get free, open source implementations of SSH at www.openssh.com or commercial versions (including Windows versions) at www.ssh.com. When using SSH, please make sure to use SSH Protocol Version 2, as the earlier incarnation of the protocol has security flaws.
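The port redirection described in the answer, as an added example that is not part of the original reply: it prints the OpenSSH client command for a loopback-only forward of port 1433 and checks that the `authorized_keys` entry on the database server limits the tunnel key to that one forward. The host name, account name and key path are assumptions, and the sample key line is constructed.

```shell
#!/bin/sh
# Added example. Host, account and key path below are hypothetical.
DB_HOST="db.internal.example"     # database server running sshd
TUNNEL_USER="dbtunnel"            # unprivileged account used only for the tunnel
KEY="/etc/webapp/tunnel_ed25519"  # private key readable only by the tunnel service
DB_PORT=1433                      # SQL port from the question

# Print the client command run on the Web server.
# -N: no remote command; -L: listen on loopback only, forward to the DB port.
# Current OpenSSH speaks only protocol version 2, so no version flag is needed.
tunnel_cmd() {
    printf 'ssh -N -L 127.0.0.1:%s:127.0.0.1:%s' "$DB_PORT" "$DB_PORT"
    printf ' -i %s -o IdentitiesOnly=yes -o BatchMode=yes' "$KEY"
    printf ' -o PasswordAuthentication=no -o ExitOnForwardFailure=yes'
    printf ' %s@%s\n' "$TUNNEL_USER" "$DB_HOST"
}

# Return 0 only if an authorized_keys line restricts the key to forwarding
# toward the DB port. "restrict" disables pty, agent, X11 and all forwarding;
# "port-forwarding" and a single "permitopen" re-enable exactly one target.
# Assumes the key type starts with "ssh-" (for example ssh-ed25519, ssh-rsa).
key_is_restricted() {
    line=$1
    opts=${line%% ssh-*}                  # option field before the key type
    [ "$opts" != "$line" ] || return 1    # no option field: unrestricted key
    case ",$opts," in *,restrict,*) ;; *) return 1 ;; esac
    case ",$opts," in *,port-forwarding,*) ;; *) return 1 ;; esac
    case ",$opts," in
        *",permitopen=\"127.0.0.1:$DB_PORT\","*) ;;
        *) return 1 ;;
    esac
    rest=${opts#*permitopen=}             # text after the first permitopen
    case "$rest" in *permitopen=*) return 1 ;; esac   # reject extra targets
}

# Constructed authorized_keys entry; the key material is a placeholder.
SAMPLE='restrict,port-forwarding,permitopen="127.0.0.1:1433" ssh-ed25519 AAAAC3PLACEHOLDER web01-tunnel'

tunnel_cmd
if key_is_restricted "$SAMPLE"; then
    echo "tunnel key is limited to 127.0.0.1:$DB_PORT"
else
    echo "tunnel key is NOT restricted" >&2
fi
```

With the tunnel up, the Web application connects to 127.0.0.1 port 1433 instead of the database server's address.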

This was last published in June 2002
