Henry Sieff wrote:
> it depends on whether or not you have set your Client Network
> Configuration to use TCP/IP or Named Pipes by default. You can do this
> by setting it to use TCP/IP, and then port 1433 (or whatever you want,
> if you change it on the server side).
>
> I would think very carefully about the architecture decisions which
> require this. It's a risky decision to allow this through a firewall;
> it's a topic of much discussion and most resolutions require compromise
> and heartache (the yin and yang of network design, actually.)

I agree. We allow connections to SQL servers only from inside the
network (which includes things on both sides of the VPN) so that we can
maintain things without using terminal services to get all the way
there, transfer files, and so on. It's terminally annoying that you
cannot simply DTS a large amount of data into some sort of archive and
then DTS it back; I bet someone could make some good money writing a new
data converter for SQL that would let you do that. If you do this, I
expect a cookie.

I highly suggest you not allow SQL access from the outside world. Even
allowing it only from a given IP could be a risk, though that's less
likely. Especially DO NOT allow connections to SQL from the outside if
you are using SQL security rather than only mixed-mode; passwords for
SQL server security are (at least in SQL 7 and below) sent in clear
text. I suspect they are in SQL 2000 as well. In addition, there is no
protection for repeated login failures, so someone can brute force their
way into your SA account across the 'net.
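
Added example, not part of the original message: since the reply notes that nothing on the server stops repeated login failures, a log review has to catch them instead. The sketch below flags failed logins that come from outside the internal/VPN ranges and bursts of failures against one account; the log format, address ranges, threshold and window are all assumptions constructed for illustration, not SQL Server's own log format.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: address ranges treated as "inside" (LAN plus far side of the VPN).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.50.0/24")]

# Constructed log format, not SQL Server's own: "<ISO time> LOGIN_FAILED user=<name> src=<ip>"
LINE_RE = re.compile(r"^(\S+) LOGIN_FAILED user=(\S+) src=(\S+)$")

# Constructed sample data (documentation address ranges for the outside hosts).
SAMPLE_LOG = """\
2001-03-01T09:15:00 LOGIN_FAILED user=reports src=10.1.2.3
2001-03-01T11:40:00 LOGIN_FAILED user=reports src=10.1.2.3
2001-03-01T12:00:01 LOGIN_FAILED user=sa src=203.0.113.7
2001-03-01T12:00:02 LOGIN_FAILED user=sa src=203.0.113.7
2001-03-01T12:00:04 LOGIN_FAILED user=sa src=203.0.113.7
2001-03-01T12:00:05 LOGIN_FAILED user=sa src=203.0.113.7
2001-03-01T12:00:07 LOGIN_FAILED user=sa src=203.0.113.7
2001-03-01T12:30:00 LOGIN_FAILED user=sa src=198.51.100.20
"""

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def review_failures(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return (outside_sources, burst_pairs) found in the failed-login log."""
    outside, stamps = set(), defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines in any other format
        when, user, src = m.groups()
        if not is_internal(src):
            outside.add(src)  # the firewall should not have let this reach the server
        stamps[(src, user.lower())].append(datetime.fromisoformat(when))
    bursts = set()
    for key, times in stamps.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1  # slide the window forward
            if end - start + 1 >= threshold:
                bursts.add(key)  # no server-side lockout, so alert here
                break
    return outside, bursts

if __name__ == "__main__":
    print(review_failures(SAMPLE_LOG))
```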