The higher the level of auditing, the more overhead you will have to create in the application. This overhead generally increases the complexity of maintaining the process. Use the more complicated options only when they are a requirement of your business system. In most cases, application auditing can be simple and used to store the most recent change information. Following are the three levels of auditing:

New record tracking. You may only need to know the user who added a record to the table, which would make this level of auditing appropriate.

Modification tracking. In addition to knowing the user who added a record, you may need to track the user who made the last change. If this is your desired level of auditing, you should determine how detailed this level of tracking should be. You will need to know the answers to the following two questions:

■■ After a record is modified, do you still need to know the user who added the record?

■■ When a record is modified, do you need to be able to track all modifications or just the most previous change?

Deletion tracking. At this level, you need to determine if you want to track a record that has been deleted. If you want to track the deleted records, you also need to determine if you want to store the original new record tracking and modification tracking information.

The following sections describe the changes that need to occur within your database to support these levels of application auditing.
New Record Tracking
New record tracking is the easiest level of application auditing to implement. You will want to be able to track the user who performed the operation that added the new record. On the tables that you want to audit, you will need to add a column that stores the username of the user who created the record.

For the new column you need to create a default that uses the username() function. If the column is not supplied by the INSERT statement, then the username() function fills in the value. The username() function supplies the current username value. Defaults are applied only at insert time, so this process is an effective method of tracking the new record and will not change as users make modifications to the record. To add the username() function default to a table in your database, perform the following steps:

1. Open Enterprise Manager.
2. Click to expand your server group.
3. Click to expand the server that you want to alter.
4. Click to expand the Databases container.
5. Click to expand your database.
6. Double-click on the Tables container.
7. From the Details pane, right-click on the table you want to audit and select Design.
8. From the Design Table dialogue box, add a column that will be used for auditing (in our example the column is named Iusername), as shown in Figure 14.7. The Data Type should be a character type that allows for the current username to be added. More information on the character data types can be found in SQL Server Books Online.
9. Click on the column you created in step 8, and in the lower pane in the Default Value field type username().
10. Click the Save icon on the Toolbar to save the changes you have made.
Figure 14.7 You can create a column within your table to store the username of a user who adds a record.
Modification Tracking
With modification tracking you first have to determine whether or not you need to track all changes that are made to the record. You also need to determine whether you want to store the name of the original creator of the record or just the name of the user who made the most current change. In this section the following three scenarios are described:

■■ The user who made the most recent modification is stored.
■■ The user who made the most recent modification is stored along with the original creator of the record.
■■ All modifications are stored.
The User Who Made the Most Recent Modification
This implementation is similar to new record tracking. You should implement this type of auditing when you need to track the user who performed the most recent modification, not just the creator of the record. When a new record is added, you want the user who added the record to be stored with the record. After a record is modified, you want to store only the user who made the most recent modification. Perform the following steps to maintain this level of auditing:

1. New record tracking has to be configured as described in the procedure in the preceding New Record Tracking section.
2. When a record is modified, you should perform one of the following actions within a transaction. The first option is to create a transaction that is a combination of an INSERT and a DELETE statement instead of an UPDATE statement. The old value is deleted and the new value is inserted as a new record. This process makes it possible for the username() function to work as it did for a new record. Your second option is to update the column you previously created for auditing whenever you update another column. This procedure should be performed with a trigger to ensure that every UPDATE statement includes the modification of the auditing column. The trigger should be set on the table and should be configured on UPDATE. The trigger should set the audit column to the current username by using the username() function. More information on triggers can be found in SQL Server Books Online.
The User Who Made the Most Recent Modification Is Stored with the Creator of the Record
In some cases it is useful to store the name of the user who originally created the record along with the user who performed the most recent update. In this case you need to perform the following steps to meet your auditing requirements:

1. New record tracking has to be configured by following the procedure presented in the New Record Tracking section.
2. A second column has to be created in the table for auditing purposes to hold the name of the user who most recently updated the record. Use your naming conventions to guarantee consistency throughout your database. The second column should also be configured with the username() function as the default. When a record is added, both columns should contain the username of the user who added the record.
3. A trigger should be added to update the column you created in step 2 whenever the record is modified. The trigger should be set on the table and configured on the update action. Whenever an update occurs to any of the columns in the table, you want the trigger to update the newly added audit column. With these options set, you can maintain the name of the user who created the record in the first audit column you created and the name of the user who performed the most recent modification in the second audit column you created in step 2.
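The three designs described so far (new record tracking, storing the most recent modifier, and storing the creator alongside the most recent modifier) share one table definition, so they are combined here in one added example. This is illustrative Transact-SQL written for this edition, not code from the book; the table, column and trigger names (Customers, CreatedBy, ModifiedBy, trg_Customers_Insert, trg_Customers_Update) are assumptions. Transact-SQL spells the function the chapter calls username() as USER_NAME(), which returns the database user name; SUSER_SNAME() returns the login name instead. The example also adds a check the default alone does not give you: a default is bypassed whenever the INSERT supplies the column, so an INSTEAD OF INSERT trigger stamps the real caller regardless of what the client sent, and the UPDATE trigger restores CreatedBy from the pre-update image so that an UPDATE cannot rewrite the creator.

```sql
-- Added example (not from the book). Names are assumptions.
-- USER_NAME() is the Transact-SQL spelling of the function the chapter calls username().
CREATE TABLE dbo.Customers (
    CustomerID   int           NOT NULL PRIMARY KEY,
    CustomerName nvarchar(100) NOT NULL,
    CreatedBy    sysname       NOT NULL DEFAULT USER_NAME(),  -- new record tracking
    ModifiedBy   sysname       NOT NULL DEFAULT USER_NAME()   -- most recent modifier
);
GO

-- The defaults above only apply when the INSERT omits the audit columns. To stop a
-- client from supplying its own CreatedBy value, this INSTEAD OF trigger performs
-- the insert itself and stamps both columns with the connected user.
-- (An INSERT issued from inside an INSTEAD OF INSERT trigger does not re-fire it.)
CREATE TRIGGER trg_Customers_Insert ON dbo.Customers
INSTEAD OF INSERT
AS
    INSERT INTO dbo.Customers (CustomerID, CustomerName, CreatedBy, ModifiedBy)
    SELECT CustomerID, CustomerName, USER_NAME(), USER_NAME()
    FROM   inserted;
GO

-- Every UPDATE stamps the caller into ModifiedBy and restores CreatedBy from the
-- pre-update image in the deleted table, so an UPDATE cannot rewrite the creator.
-- The join assumes CustomerID itself is never updated. The trigger's own UPDATE
-- re-fires it only if the RECURSIVE_TRIGGERS database option is ON (default OFF).
CREATE TRIGGER trg_Customers_Update ON dbo.Customers
AFTER UPDATE
AS
    UPDATE c
    SET    ModifiedBy = USER_NAME(),
           CreatedBy  = d.CreatedBy
    FROM   dbo.Customers c
           JOIN deleted d ON d.CustomerID = c.CustomerID;
GO

-- Constructed demo rows: the second INSERT and the UPDATE both try to supply a
-- forged creator and are overridden by the triggers.
INSERT INTO dbo.Customers (CustomerID, CustomerName) VALUES (1, N'Contoso');
INSERT INTO dbo.Customers (CustomerID, CustomerName, CreatedBy)
    VALUES (2, N'Fabrikam', N'not_me');
UPDATE dbo.Customers
SET    CustomerName = N'Fabrikam Ltd', CreatedBy = N'still_not_me'
WHERE  CustomerID = 2;

-- Both rows show the connected user in CreatedBy; row 2's ModifiedBy names the
-- user who ran the UPDATE.
SELECT CustomerID, CustomerName, CreatedBy, ModifiedBy FROM dbo.Customers;
```

Either function only identifies a person if each person connects with their own login; with a shared application login every row is stamped with the same name, which is one reason the chapter's Best Practices recommend Windows Authentication and SQL Profiler for tracing actions back to a Windows account.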
All Modifications Are Stored
In this scenario the process starts to get a little more complicated. This method of auditing should be configured only when the requirements of your system require a full audit trail of all of the modifications that are made to your database. As changes are made to the table in question, you will delete an old record and insert a new record into the original table. You will then take the deleted value and write it to your new auditing table. This is a very complete method of auditing, but it does not account for deletions. You should perform the following steps to make sure that you are able to keep track of all modifications that are made to the record:

1. New record tracking has to be configured on the table you want to audit. This feature should be configured as described by the procedure in the section New Record Tracking.
2. You also need to configure an additional column within your audited table to track the date and time that a record was added. Because every modification performed while you are in this mode of auditing deletes the old record and inserts a new record, the value of this column is always the date and time of the last modification. You should create a default for this column, similar to the username() default. In this case, however, you will want to use the GetDate() function. The GetDate() function returns the current date and time. This function stores the date and time that the action occurred.
3. You then need to create an additional table to store the historical information needed to maintain the full audit trail. This table should have a column structure that is identical to that of the table that it is storing information for. The only difference should be the primary key. The primary key should be a composite of your existing unique identifier and the date and time column you created. This change to your primary key allows you to store the same column from your original table multiple times. Storing the column multiple times is necessary to track the entire life of the record. New record tracking should not be configured on your new table. It should receive both the username and the date and time columns from the original table.
4. You then need to write a trigger for the original table. The trigger should be assigned to the DELETE action. When a record is deleted from the original table, the trigger should take the values and insert them into the new audit table you created in step 3.
5. All modifications should be written as transactions. The transactions should be written as a combination of an INSERT and a DELETE instead of an UPDATE statement. When you modify a record, the old value is deleted from the table and written to the audit table by the trigger. The new value is inserted into your original table.
6. If you want to retrieve all of the iterations of a record, you will need to JOIN the original table with the auditing table to show all of the changes to the record.
Deletion Tracking
In many cases you will not need to keep track of deletions. You will need to evaluate your requirements to determine if a record has to be tracked after it has been deleted. In some databases data is not actually deleted when the user hits the Delete button in the application. The most common form of dealing with this issue is to create a history table. For instance, a customers table may require creating a customer history table to track customer records that otherwise would have been deleted. This concept could be applied to orders, inventory, employees, and many other items. To set up deletion tracking effectively, perform the following steps:

1. Create a history table that has the same table structure as the original table.
2. Create an additional column in the history table to track the user who performed the deletion. This column should be given a default that uses the username() function.
3. Create a trigger that is assigned to the original table. The trigger should be associated with the DELETE action. The trigger should take the record that was deleted and write it to the new history table. When the record is written, the username() function identifies the user who performed the deletion.
NOTE Triggers are advanced Transact-SQL statements and can be associated with the INSERT, DELETE, and UPDATE actions. When records are deleted or inserted, the values are temporarily stored in inserted and deleted tables in RAM on the server. When your trigger statements need to retrieve the values that were previously inserted in or deleted from the table, they should do so from these tables that are in RAM. Your statements will not always work right if you try to retrieve the values from the original table. By using these RAM tables, you will increase performance and guarantee accurate results. More information on inserted and deleted tables can be found in SQL Server Books Online.
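The "All Modifications Are Stored" procedure and the deletion tracking procedure both rely on a history table fed by a DELETE trigger, so one added example serves both sections. This is Transact-SQL written for this edition, not code from the book; the names (Orders, OrdersHistory, ModifiedOn, DeletedBy, DeletedOn, trg_Orders_Delete) are assumptions, and USER_NAME() and GETDATE() are the Transact-SQL spellings of the username() and GetDate() functions the chapter refers to. It goes one step beyond the chapter's full-audit-trail design, which does not account for deletions, by giving the history table the deletion tracking column as well: the same trigger then records who removed each version, whether that removal was half of a modification transaction or a plain DELETE. The trigger reads only from the deleted table, as the note above requires. The final query lists every iteration with UNION ALL rather than a JOIN, because the live row and the archived versions are alternatives for the same key rather than rows to be matched.

```sql
-- Added example (not from the book). Names are assumptions.
CREATE TABLE dbo.Orders (
    OrderID    int      NOT NULL,
    Amount     money    NOT NULL,
    CreatedBy  sysname  NOT NULL DEFAULT USER_NAME(),  -- new record tracking (step 1)
    ModifiedOn datetime NOT NULL DEFAULT GETDATE(),    -- date/time of this version (step 2)
    CONSTRAINT PK_Orders PRIMARY KEY (OrderID)
);
GO

-- History table (step 3): same columns as the original plus who removed the row.
-- CreatedBy and ModifiedOn have no defaults here; they are copied from the original
-- row. The composite key lets one OrderID appear once per version.
CREATE TABLE dbo.OrdersHistory (
    OrderID    int      NOT NULL,
    Amount     money    NOT NULL,
    CreatedBy  sysname  NOT NULL,
    ModifiedOn datetime NOT NULL,
    DeletedBy  sysname  NOT NULL DEFAULT USER_NAME(),  -- deletion tracking
    DeletedOn  datetime NOT NULL DEFAULT GETDATE(),
    CONSTRAINT PK_OrdersHistory PRIMARY KEY (OrderID, ModifiedOn)
);
GO

-- DELETE trigger (step 4): reads the removed rows from the deleted table, never
-- from dbo.Orders, where they are already gone. DeletedBy and DeletedOn are left
-- to their defaults, so the history row records who ran the DELETE and when.
CREATE TRIGGER trg_Orders_Delete ON dbo.Orders
AFTER DELETE
AS
    INSERT INTO dbo.OrdersHistory (OrderID, Amount, CreatedBy, ModifiedOn)
    SELECT OrderID, Amount, CreatedBy, ModifiedOn
    FROM   deleted;
GO

-- Constructed demo data.
INSERT INTO dbo.Orders (OrderID, Amount) VALUES (100, 25.00);
WAITFOR DELAY '00:00:01';   -- keep ModifiedOn distinct between the two versions

-- A modification (step 5): DELETE + INSERT in one transaction. The trigger files the
-- old version in history and the new version receives fresh CreatedBy/ModifiedOn.
BEGIN TRANSACTION;
    DELETE FROM dbo.Orders WHERE OrderID = 100;
    INSERT INTO dbo.Orders (OrderID, Amount) VALUES (100, 30.00);
COMMIT TRANSACTION;

-- A plain deletion is captured by the same trigger, with the deleting user.
DELETE FROM dbo.Orders WHERE OrderID = 100;

-- Every iteration of the record, oldest first (step 6): the live row, if any,
-- followed by the archived versions. Here: no live row and two history rows.
-- The NULLs are cast so the UNION resolves to the history columns' types.
SELECT OrderID, Amount, CreatedBy, ModifiedOn,
       CAST(NULL AS sysname) AS DeletedBy, CAST(NULL AS datetime) AS DeletedOn
FROM   dbo.Orders
WHERE  OrderID = 100
UNION ALL
SELECT OrderID, Amount, CreatedBy, ModifiedOn, DeletedBy, DeletedOn
FROM   dbo.OrdersHistory
WHERE  OrderID = 100
ORDER BY ModifiedOn;
```

Because the history key is (OrderID, ModifiedOn), two versions of the same order written within the resolution of the datetime type would collide and roll the transaction back; the WAITFOR in the demo only exists to keep the two constructed versions apart.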
Best Practices
■■ Use server auditing to audit the successful and failed login attempts when you suspect an unauthorized user is attempting to access your data.
■■ Only use C2-Mode auditing when your business system requires that you track all access to database objects.
■■ Use the SQL Profiler utility to track security configuration changes. Tracking these changes is useful for keeping a handle on changes to authentication modes and audit levels.
■■ Use the SQL Profiler utility to track Transact-SQL statements. This kind of tracking is beneficial in troubleshooting failed SQL statements. It is also helpful in tracking statements that are performing actions that are not authorized.
■■ Practice using the SQL Profiler utility. It can be a very complex tool. You will be more effective in tracking security violations to your system if you know how to take advantage of the SQL Profiler features.
■■ Use the SQL Profiler utility to track the Windows user account. SQL Profiler is the best tool for tracking an action back to the Windows account that performed the action. Most other SQL Server tools view all members of a group as the same login and database user. SQL Profiler allows you to retrieve information at both the Windows 2000 and SQL Server levels.
■■ Implement application auditing only at the level required by your business process. The more detailed your application auditing requirements are, the more complex the implementation of the solution will be.
■■ Use the username() and GetDate() functions to assist with application auditing.
■■ Use triggers to help maintain audit information that has to be stored across multiple tables.
REVIEW QUESTIONS
1. What is C2-Mode security?
2. What is a SQL Trace?
3. What are the SQL Profiler templates used for?
4. What templates are geared toward security auditing?
5. How can you limit the amount of information captured by SQL Profiler?
6. What is the purpose of the username() function?
Chapter 15: Managing Internet Security

Whenever the Internet becomes involved, security becomes a concern. As the Internet has developed over the last couple of years, the functionality provided to the common Web user has continued to increase. SQL Server has grown in functionality over the same period of time, and inevitably there are organizations that want to view their data over a Web medium. There are also several Web-based applications that use SQL Server as a backend database product.

While organizations strive to make more data available on the Internet, they also have to address a whole new scope of security issues. The data has to be secure and possibly encrypted as it is transmitted, the database server needs to be protected from hackers who will try to expose the data, and firewalls and proxy servers add additional layers of filtering for which applications have to account.

As data has become more accessible with the growth of the Internet, the concern arises that your data will also be more accessible to millions of other users. Your organization will need to develop a security strategy that allows your data to be accessed over the Internet only by the users who need to see the data, while still providing as much functionality to the users as possible.

NOTE This chapter focuses on interfacing with data via the public Internet. Most of the details provided apply equally to a private intranet.

This chapter addresses the Internet security concerns related to making SQL Server data available over the Internet. The first section of the chapter provides a detailed overview of the Internet integration features of SQL Server. The chapter then moves to a description of the options that are available for connecting to SQL Server over the Internet, including direct connections to SQL Server, connections made through Internet Information Server (IIS), and connections made through various Proxy Server and firewall configurations. This chapter then moves to the Web Assistant Wizard and other options for publishing SQL Server data over the Internet. Each section of this chapter addresses the security features of SQL Server 2000 that affect the data that is accessible over the Internet.
Overview of Internet Integration Features of SQL Server 2000
SQL Server 2000 has been upgraded from its predecessors with the Internet in mind. As making your information accessible via the Internet becomes easier, you will need to be aware of the security issues that may arise. This section introduces the integration features of SQL Server and the Internet. It then identifies how SQL Server works in conjunction with other products to allow Internet access. This section then identifies the changes to the database engine of SQL Server to provide native support for XML.
Integration with Other Products
SQL Server 2000 works with other products to form a stable and secure data store for Internet and intranet networks. SQL Server 2000 works with Microsoft Windows 2000 Server and Microsoft Windows NT Server security and encryption facilities to implement secure data storage. SQL Server uses Windows Authentication, which depends on the integration with Windows 2000. The Windows 2000 Secure Sockets Layer (SSL) features can also be used to create secure, encrypted connections from the Internet to SQL Server. More information on SSL is found later in this chapter in the section titled Connecting to SQL Server through a Web Server.

■■ SQL Server 2000 forms a high-performance data storage service for Web applications running under Internet Information Server (IIS). The client browser can be used to connect to IIS, which authenticates the user, and IIS then connects to SQL Server to retrieve the data for the application interface. With this configuration the security model is a combination of SQL Server security and IIS security.
■■ SQL Server 2000 can be used with Application Center Server and Commerce Server to build and maintain large, sophisticated e-commerce Web sites. With this integration you can create Web stores that market products, accept credit cards, and guarantee encrypted connections. All of these items are security measures that Web users have come to expect from Internet-based applications. SQL Server is used as the database engine in this configuration, so the details of creating an e-commerce site are not included in this book. To learn more about using Application Center Server and Commerce Server to build and deploy e-commerce Web sites, refer to Microsoft’s Web site at www.microsoft.com.
■■ Analysis Services includes features that support the functionality required in many Business to Business, or Business to Consumer Web applications. With Analysis Services you can analyze the data stored in SQL Server and build reports on the effectiveness of your Web site. Features such as distinct count and online analytical processing (OLAP) alerts allow you to perform activities such as analyzing Web site click-streams to evaluate the effectiveness of your Web interface.
■■ An integrated data mining engine supports data mining analysis of both relational databases and OLAP cubes. The data mining engine is extensible through OLE DB for data mining, allowing you to incorporate algorithms from Independent Software Vendors (ISVs) to support extended data mining features.
■■ English Query allows Web applications to support users of any skill level entering English language questions about data in either a relational database or an OLAP cube. English Query matches the question against a model of the database or cube and returns either a SQL or a multidimensional expression (MDX) query to retrieve the proper results.
SQL Server Engine Enhancements
The Microsoft SQL Server 2000 relational database engine includes native support for extensible markup language (XML), which is designed specifically for delivering content over the Internet, much like HTML.

With HTML you are limited to a set of predefined elements; after the data is displayed it loses all context. For example, if you display a report over the Web you may want to view your customers and the amount of money they spent last year. Even though the report is meaningful for you to look at, after it is displayed with HTML, all of the data is treated as the same type of text. There is no distinction between the currency data and the character data in the report.

XML allows you to define your own set of elements to maintain the structural integrity of your data as it is transferred from one location to another. This feature can be used to help facilitate the transfer of data over an unsecured medium such as the Internet. HTTP is a standard Internet protocol used to transfer files and data. The connections made over the HTTP protocol are generally made using port 80. With XML, SQL Server data can be passed over the Internet using port 80. This connection allows the data to be easily passed through secured environments, which include proxy servers and firewalls when necessary. The following set of options is available when you are integrating SQL Server with XML. More information on configuring XML support in SQL Server 2000 can be found in Appendix A, “XML for SQL Server 2000.”

■■ Transact-SQL results can be returned as XML documents to Web or line of business applications using the OLE DB and Active Data Object (ADO) application programming interfaces (APIs), allowing for the easy retrieval of SQL Server data to a Web interface.
■■ You can define annotated external data representation (XDR) schemas that represent a logical view of the tables in your database. Web applications can then reference these schemas in XPath queries to build XML documents and populate data for the user. This process will create a view of your SQL Server database schema. XPath queries are defined in Appendix A, “XML for SQL Server 2000.”
■■ SQL Server 2000 includes a data-link library (DLL) that allows you to define virtual roots in Microsoft IIS associated with an instance of SQL Server 2000. Internet applications can then compose URL strings that reference a SQL Server 2000 virtual root and contain a Transact-SQL statement. The Transact-SQL statement is sent to the instance of SQL Server 2000 associated with the virtual root, and the result is returned as an XML document. Each virtual root has its own security settings, which are configured within IIS. You can control the level of authentication required and configure encryption options from within IIS.
■■ XML documents can be added to SQL Server 2000 databases. The OPENXML function can expose the data from an XML document in a rowset, which can be referenced by Transact-SQL statements, such as SELECT, INSERT, or UPDATE.
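The first and last of these options, returning a result set as XML and loading an XML document with OPENXML, can be shown in a few lines of Transact-SQL. The following is an added example for this edition, not code from the book or from SQL Server Books Online; the Products table and its columns are assumptions, and the inbound document is constructed. It uses FOR XML AUTO to return rows as XML elements, and sp_xml_preparedocument with OPENXML to expose the document as a typed rowset that a plain INSERT can consume.

```sql
-- Added example (not from the book). Table and column names are assumptions.
CREATE TABLE dbo.Products (
    ProductID int          NOT NULL PRIMARY KEY,
    Name      nvarchar(50) NOT NULL,
    Price     money        NOT NULL
);
GO

INSERT INTO dbo.Products (ProductID, Name, Price) VALUES (1, N'Widget', 9.99);

-- Transact-SQL results returned as XML: FOR XML AUTO emits one element per row,
-- named after the table alias, with each column as an attribute, e.g.
-- <Product ProductID="1" Name="Widget" Price="9.9900"/>
SELECT ProductID, Name, Price
FROM   dbo.Products AS Product
FOR XML AUTO;

-- Loading an XML document: this document is constructed for the example. In a real
-- application it arrives as a parameter of the batch or procedure, never spliced
-- into SQL text.
DECLARE @doc nvarchar(4000), @hdoc int;
SET @doc = N'<ROOT>
  <Product ProductID="2" Name="Gadget" Price="14.50"/>
  <Product ProductID="3" Name="Gizmo"  Price="3.25"/>
</ROOT>';

-- Parse the document once; @hdoc refers to the parsed copy held in server memory.
EXEC sp_xml_preparedocument @hdoc OUTPUT, @doc;

-- OPENXML exposes the /ROOT/Product nodes as a rowset. Flag 1 selects
-- attribute-centric mapping, and the WITH clause gives every column a type, so the
-- document's content reaches the table only as data values.
INSERT INTO dbo.Products (ProductID, Name, Price)
SELECT ProductID, Name, Price
FROM   OPENXML(@hdoc, '/ROOT/Product', 1)
       WITH (ProductID int, Name nvarchar(50), Price money);

-- Always release the parsed document; it stays in memory until removed.
EXEC sp_xml_removedocument @hdoc;

-- Three rows are now present: the original Widget plus the two loaded products.
SELECT ProductID, Name, Price FROM dbo.Products ORDER BY ProductID;
```

The typed WITH clause is what keeps a document supplied by a Web client from becoming SQL text: a value that does not convert to the declared type fails the INSERT rather than being executed. The virtual-root URL queries described above are a different matter, since the URL itself carries a Transact-SQL statement, which is why the chapter stresses that each virtual root gets its own authentication and encryption settings in IIS.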
Connections to SQL Server from the Internet
You can connect to an instance of Microsoft SQL Server over the Internet using SQL Query Analyzer or a client application based on Open Database Connectivity (ODBC) or DB-Library.

To share data over the Internet, the client and server must be connected to the Internet. In addition, you must use TCP/IP or Multiprotocol Net-Libraries between the client and the server. More information about Net-Libraries can be found in Chapter 7, “Implementing Front-End Application Security.” If you use the Multiprotocol Net-Library, you need to ensure that TCP/IP support is enabled.

This section breaks down your options for connecting to SQL Server over the Internet. The first part of the section discusses a direct connection to SQL Server. The section then describes the factors to consider when you connect to the Internet through a proxy server or firewall. Finally this section addresses connection issues when the browser first connects to IIS, and IIS connects to SQL Server to retrieve the data.
A Direct Connection to SQL Server
SQL Server supports direct connections to SQL Server over the Internet. A direct connection is one that doesn’t involve an interface with a Web server to make the connection to SQL Server. In many cases the application will first make a connection to a Web server, which then connects to the SQL Server database. Applications can now also make a direct connection to SQL Server. The connection has to be made using TCP/IP sockets as the network library. A socket connection is made up of two parts: an Internet Protocol (IP) address associated with one or more network cards in a computer and a TCP port address specific to an instance of SQL Server.

Default instances of SQL Server use TCP port 1433. When you install multiple instances of SQL Server on a single machine, SQL Server assigns an alternate port number to each subsequent instance. These named instances dynamically assign an unused TCP port number the first time the instance is started. The named instance can also dynamically change its TCP port address on a subsequent startup if the original TCP port number is being used by another application. SQL Server only dynamically changes to an unused TCP port if the port it is currently listening on was dynamically selected; that is, if the port was statically selected (manually), SQL Server will display an error and continue to listen on other ports.

It is unlikely that another application would attempt to use port 1433, since that port is registered as a well-known address for SQL Server. You will need to know the IP address or hostname and the port number of your instance of SQL Server in order to connect to the server over the Internet. You can view the port number of your instance of SQL Server by performing the following steps:

1. Open your Server Network Utility from the Microsoft SQL Server program group.
2. From the General tab, highlight TCP/IP and click the Properties button. The dialogue box named Test—TCP/IP appears as shown in Figure 15.1.
3. You can change the port number that is displayed for your connection if you so choose.

To complete the connection the client must request a connection with the server using the TCP/IP Net-Library. The client can perform this connection by installing the SQL Server client tools or using another direct connection method, such as an Active Document from the browser, which provides the full usage of an OLE DB provider or ODBC driver. More information about connecting to SQL Server using OLE DB and ODBC can be found in Chapter 7, “Implementing Front-End Application Security.” The following sections detail the differences when connecting via these methods.
Client Tools
When you install the client tools on the machine that is connecting to the server over the Internet, you need to configure the TCP/IP Net-Library settings. By default, the TCP/IP Net-Library is enabled, and it tries to make a connection over port 1433. If this is not the port you want to connect with, you need to modify the default setting in the Client Network Utility.
Figure 15.1 The Test—TCP/IP dialogue box is used to view and configure the port number assigned to your instance of SQL Server.
You may also need to connect to multiple instances of SQL Server. If this is the case, you need to configure aliases to each of the servers. The alias is a component of the Client Network Utility and is used to identify the connection properties (hostname and port number) for individual instances. When configuring aliases in the Client Network Utility, you have the option of allowing the utility to dynamically determine the port number. This option should be chosen to avoid having to update the configuration of the Client Network Utility when the server configuration changes. To configure an alias for a named SQL Server instance, perform the following steps:

1. Open the Client Network Utility from the Microsoft SQL Server program group.
2. Click the Alias tab as shown in Figure 15.2.
3. Click the Add button to display the Add Network Library Configuration dialogue box shown in Figure 15.3.
4. Type in a server alias to provide a friendly name for the server connection.
5. Click to select TCP/IP as the Network Library.
6. Type in the Server name. This is the hostname of the instance of SQL Server you are connecting to.
7. Choose your port configuration. Dynamically Determine Port is the default port setting.

Figure 15.2 Use the SQL Server Client Network Utility to configure TCP/IP connection properties for each instance of SQL Server.

Figure 15.3 Supply the server hostname and port number for the connection to a SQL Server instance in the Add Network Library Configuration dialogue box.
From the client tools you also have the ability to configure an encrypted connection. The encryption supported by SQL Server depends on Secure Sockets Layer. To support this level of encryption you need to purchase and install a certificate on your SQL Server. You can use the same certificate for multiple instances of SQL Server.

VeriSign is the industry leader in selling and managing Internet certificates. For more information about purchasing and installing your certificate, refer to VeriSign’s Web site at www.verisign.com. Once the certificate is installed, you can then enable protocol encryption for connections to your instance of SQL Server. If you want users to be able to establish an encrypted connection to an instance of SQL Server, you can do so by enabling encryption for the Multiprotocol Net-Library:

1. Open the Server Network Utility.
2. Under Enabled protocols, click Multiprotocol, and then click Properties to see the Test—Multiprotocol dialogue box shown in Figure 15.4.
3. Select the Enable Encryption checkbox.

NOTE When you plan to use encryption with a failover cluster configuration, you must install the server certificate, with the fully qualified Domain Name Service (DNS) name of the virtual server, on all nodes (servers) in the failover cluster. For example, if you have a two-node cluster, with nodes named Chicago.softouch.trn and NewYork.softouch.trn and a virtual SQL Server named “SQL1,” you need to get a certificate for “SQL1.softouch.trn” and install the certificate on both nodes. You can then check the Force protocol encryption checkbox on the Server Network Utility to configure your failover cluster for encryption.

Figure 15.4 The Enable Encryption option configures your server to use Secure Sockets Layer encryption.
A Connection through OLE DB
Internet-based connections are also supported through the use of OLE DB. By default the browser does not support the use of OLE DB as a connection method. You will need to provide the basis for the connectivity through the application that you develop. Visual Basic supports a feature referred to as the Active Document, which allows you to simulate the Visual Basic environment through an ActiveX control. The control is downloaded and installed when you first connect to the application over the Internet. This control takes some initial overhead, but once it is installed you can use the OLE DB provider to connect to your data.

There are several other features that are supported by different development environments and that provide you with the ability to interact with your data via OLE DB or ODBC. For more information on these options, refer to the product documentation for the application that you have chosen to develop.

Inherently, applications that use a direct connection to SQL Server over the Internet have security concerns that need to be addressed. Once you allow a connection directly from the browser to SQL Server you have opened a door to SQL Server that all Internet users can try to use. If you prefer to have a direct connection between SQL Server and an Internet browser, you should consider the following security suggestions:

Implement SSL on your server. You will want all connections to the server to be encrypted to protect your data as it is being passed along. The detailed configuration of SSL is described previously in this chapter in the section titled A Direct Connection to SQL Server.

Implement Windows Authentication instead of SQL Server Authentication. With Windows Authentication you have control over passwords. You can configure a required length and a period of time within which the password must be changed. You also have the ability to lock out the account on a configured number of failed attempts. More details on Windows Authentication and SQL Server Authentication can be found in Chapter 4, “Establishing Login Security.”

Implement auditing within the application to verify the usernames that are making all changes. Application auditing can be used to track the users who have not properly secured the passwords for their Windows account. More information on auditing with SQL Server can be found in Chapter 14, “Creating an Audit Policy.”

Create an instance of SQL Server just for the data that needs to be accessible from the Internet. You may also want to install this instance on a separate machine. If the physical security of the machine is compromised, only your Internet data will be accessed.
Connections through Firewalls and Proxy Servers
When an application is created for use on the Internet, it is not always as easy as going from the client to the server. Organizations use firewalls and proxy servers to help secure their networks and isolate them from the Internet. This section describes the issues involved with making connections over these secured Internet mediums. The section first identifies the issues that arise when you connect to a SQL Server through a firewall, and then it discusses how you would connect to a SQL Server instance through a proxy server. This section also introduces the reverse-publishing feature that many proxy servers support to help secure SQL Server data.
Using a Firewall System with SQL Server
Many companies use a firewall system to isolate their networks from unplanned access from the Internet. A firewall can restrict Internet applications’ access to your network by forwarding only requests targeted at specific IP addresses in the local network. Requests for all other network addresses are blocked by the firewall. You can allow Internet applications to access an instance of SQL Server in the local network by configuring the firewall to forward network requests that specify the network address of the instance of SQL Server.
To work effectively with a firewall, you must ensure that the instance of SQL Server always listens on the network address that the firewall is configured to forward. When using a named instance of SQL Server with a firewall, use the Server Network Utility to configure the named instance to listen on a specific TCP port. You must pick a TCP port that is not being used by another application running on the same computer or cluster. For a list of well-known ports registered for use by various applications, see www.ise.edu/in-notes/iana/assignments/port-numbers.

You should have the firewall administrator configure the firewall to forward the IP address and TCP port the instance of SQL Server is listening on (using either 1433 for a default instance or the TCP port you configured a named instance to listen on). Also configure the firewall to forward requests for UDP port 1434 on the same IP address. SQL Server 2000 uses UDP port 1434 to establish communications links from applications.

For example, consider a computer running one default instance and two named instances of SQL Server. The computer is configured such that the network addresses that the three instances listen on all have the same IP address. The default instance would listen on TCP port 1433, one named instance could be assigned TCP port 1434, and the other named instance could be assigned TCP port 1954. You would then configure the firewall to forward network requests for UDP port 1434 and TCP ports 1433, 1434, and 1954 to that IP address.
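The rule set in that example can be derived mechanically from the instance list, which also catches the one mistake the text warns about: two instances configured to listen on the same TCP port of the same address. The following Python is an added example, not code from the book or from Microsoft. The instance names SALES and HR and the address 203.0.113.10 are constructed; the port assignments (TCP 1433, 1434, 1954 and UDP 1434) are the ones the chapter uses.

```python
"""Derive the firewall forwarding rules for one IP address that hosts
several SQL Server 2000 instances, following the chapter's example.

Added example (not from the book). Instance names and the address are
constructed; the port numbers are the chapter's.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

SSRP_UDP_PORT = 1434            # SQL Server 2000 resolves instance names over UDP 1434
DEFAULT_INSTANCE_TCP_PORT = 1433  # the default instance listens on TCP 1433


@dataclass(frozen=True)
class Instance:
    name: str       # "MSSQLSERVER" denotes the default instance
    tcp_port: int   # port configured with the Server Network Utility


def forwarding_rules(ip: str, instances: List[Instance]) -> List[Tuple[str, str, int]]:
    """Return (protocol, ip, port) tuples the firewall must forward.

    Raises ValueError when two instances are configured to listen on the same
    TCP port of the same address: the second one could not bind, so forwarding
    that port would reach only the first.
    """
    seen: Dict[int, str] = {}
    rules: List[Tuple[str, str, int]] = []
    for inst in instances:
        if not 1 <= inst.tcp_port <= 65535:
            raise ValueError("%s: TCP port %d out of range" % (inst.name, inst.tcp_port))
        if inst.tcp_port in seen:
            raise ValueError("%s and %s both listen on TCP %d"
                             % (inst.name, seen[inst.tcp_port], inst.tcp_port))
        seen[inst.tcp_port] = inst.name
        rules.append(("tcp", ip, inst.tcp_port))
    # Instance-name resolution uses UDP 1434. That is a different protocol from
    # TCP 1434, so a named instance on TCP 1434 does not collide with it.
    rules.append(("udp", ip, SSRP_UDP_PORT))
    return rules


# Constructed instance list matching the chapter's example: one default
# instance and two named instances sharing one IP address.
BOOK_EXAMPLE = [
    Instance("MSSQLSERVER", DEFAULT_INSTANCE_TCP_PORT),
    Instance("SALES", 1434),
    Instance("HR", 1954),
]

if __name__ == "__main__":
    for proto, ip, port in forwarding_rules("203.0.113.10", BOOK_EXAMPLE):
        print("forward %s/%d -> %s" % (proto, port, ip))
```

The function only produces the rule list; handing it to the firewall administrator in this form makes it clear which entries are TCP listeners and which single UDP entry is for name resolution.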
Connections to SQL Server through a Proxy Server
You can also connect to an instance of SQL Server through a proxy server. Proxy servers are stand-alone products that isolate your internal users from the Internet. The users send their Web requests to the proxy server, which then forwards the request to the Internet on behalf of the user. Proxy servers provide the following benefits to your organization:
■■ Internet data can be cached at the proxy server. After the proxy server retrieves a Web page on behalf of the user, that page can be stored on the proxy server so that if another user requests the same page, the proxy server can serve the request without going to the Internet, thus providing faster responses to requests and conserving your Internet resources.
■■ The proxy server can authenticate the user making the request of the Internet. With this feature you can control the users who have access to various Web applications and protocols.
■■ The proxy server can be used to reverse-publish data for you. More information on reverse-publishing can be found in the next section, Reverse-Publishing with a Proxy Server.
■■ The proxy server acts on behalf of the clients using a single external IP address. This feature enables your internal clients to use private IP addresses. The only real Internet IP address you need for Internet access is the IP address assigned to your proxy server.
■■ You can also use the proxy server in a similar fashion to a firewall. You can prevent unauthorized users from connecting to your private network. A proxy server keeps your sensitive data secure by controlling all the permissions and Internet users’ access to the listening port. You can block access to restricted sites by ranges of IP addresses, domains, or individual users so you can ensure that your users are using their Internet permissions appropriately.
When you are a user behind the proxy server and you are trying to connect directly to a SQL Server over the Internet, you will be making the request to the SQL Server port number configured in your Client Network Utility. The proxy server administrator will have to allow that port to be connected to, and you will have to have permission to use the configured port for outgoing access. If you are not making a direct connection to SQL Server and have to go through a Web server first, your connection to the Web server will most likely be on a known port number that is already configured.

Reverse-Publishing with a Proxy Server
Reverse-publishing is a security feature included with many proxy server products. It allows you to keep a server that needs to be accessed from the Internet behind the firewall without compromising the security of your network. An Internet client directs requests to the proxy server as though it were the server that is publishing data. The proxy server then accepts the request and passes the request on to the server that is behind the firewall. The proxy server is acting on behalf of the Internet client for the server access. By implementing reverse-publishing, you ensure that the Internet client never has direct access to the server that is publishing information to the Internet. You can use the proxy server to carry out the following security options:
■■ The proxy server can authenticate the Web user.
■■ The proxy server can perform packet filtering to make sure that only certain protocols are allowed in from the Internet.
■■ The proxy server can implement Secure Sockets Layer (SSL) to ensure that all data is encrypted as it is passed to and from the Internet. By using the proxy server for SSL, you can configure the certificate security in one location rather than having to configure SSL for each SQL Server instance.
For more information on configuring reverse-publishing, refer to the Internet Security and Acceleration (ISA) server documentation at Microsoft’s Web site. The ISA server is Microsoft’s new proxy server and firewall. The Web site is www.microsoft.com/ISAserver.
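The order in which a reverse-publishing proxy applies the three options above matters: the protocol filter and SSL check reject a request before any credential is examined, and authentication completes before anything is forwarded to the published server. The Python below is an added example of that decision logic, not code from ISA Server or any other proxy product. The listener rule, the internal host name webdb.internal.example, the user list and the requests are all constructed for illustration.

```python
"""Decision logic of a reverse-publishing proxy as the text describes it: the
proxy accepts an Internet request as if it were the published server, filters
by protocol, terminates SSL, authenticates the Web user, and only then forwards
the request to the server behind the firewall.

Added example, not code from any proxy product. Rule, users and requests are
constructed for illustration.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Tuple


@dataclass(frozen=True)
class PublishRule:
    external_port: int   # port Internet clients connect to on the proxy
    protocol: str        # only this protocol is allowed in on the listener
    require_ssl: bool    # SSL is terminated at the proxy for this listener
    internal_host: str   # published server behind the firewall (hypothetical name)
    internal_port: int


@dataclass(frozen=True)
class Request:
    external_port: int
    protocol: str
    ssl: bool
    user: Optional[str]
    password: Optional[str]


def _digest(secret: str) -> str:
    return hashlib.sha256(secret.encode("utf-8")).hexdigest()


class ReversePublishingProxy:
    def __init__(self, rules: Iterable[PublishRule], users: Dict[str, str]):
        self.rules = {r.external_port: r for r in rules}
        # Keep only digests of the constructed demo credentials.
        self.users = {name: _digest(pw) for name, pw in users.items()}

    def decide(self, req: Request) -> Tuple[str, str]:
        """Return ('forward', 'host:port') or ('deny', reason)."""
        rule = self.rules.get(req.external_port)
        if rule is None:
            return ("deny", "no published listener on port %d" % req.external_port)
        # Packet filtering: anything but the published protocol is dropped.
        if req.protocol != rule.protocol:
            return ("deny", "protocol %s not allowed in from the Internet" % req.protocol)
        # SSL is handled at the proxy, so one certificate covers every published server.
        if rule.require_ssl and not req.ssl:
            return ("deny", "SSL required on this listener")
        # Authentication happens here, before the internal server sees the request.
        expected = self.users.get(req.user or "")
        if expected is None or not hmac.compare_digest(expected, _digest(req.password or "")):
            return ("deny", "authentication failed")
        # Forward on the client's behalf; the client never addresses the internal host.
        return ("forward", "%s:%d" % (rule.internal_host, rule.internal_port))


# Constructed configuration: one HTTPS listener publishing an internal Web
# server (which in turn talks to SQL Server) and one demo user.
DEMO_PROXY = ReversePublishingProxy(
    rules=[PublishRule(443, "http", True, "webdb.internal.example", 80)],
    users={"alice": "correct horse battery staple"},
)

if __name__ == "__main__":
    print(DEMO_PROXY.decide(Request(443, "http", True, "alice", "correct horse battery staple")))
    print(DEMO_PROXY.decide(Request(1433, "tds", True, "alice", "correct horse battery staple")))
```

Note that a request aimed at port 1433 is refused simply because nothing is published there; with reverse-publishing the database port is never exposed, only the Web listener the proxy answers for.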
Connecting to SQL Server through a Web Server
Web browser clients, in most cases, do not directly access SQL Server databases. Rather, when a Web server receives a browser request requiring data access, it connects to a database on the browser’s behalf, submits a query customized to that request, and constructs a response to the browser based on the query results. For Microsoft IIS, this server-side processing technology is implemented with Active Server Pages (ASP). Typically, ASP combines standard HTML and embedded script that executes on the Web server and sends the script’s output in HTML to the browser. Since the ASP script executes on the server and responds in pure HTML, it works with any Web browser. Other Web servers have similar server-side technologies for accessing databases. Examples include Java servlets, Java Server Pages (JSP), and ColdFusion.

Web servers generally use one of three data access technologies to access SQL Server databases: OLE DB (Universal Data Access), ODBC (Open Database Connectivity), and JDBC (Java Database Connectivity). Since these data access technologies are low-level APIs that are difficult to learn, more programmer-friendly interfaces such as ADO and Java SQL classes are available. Figure 15.5 illustrates how the pieces of data access fit together. This section first describes the process of using ADO for data access over OLE DB and ODBC and then describes the process of using JDBC to access SQL Server.
Figure 15.5 Connection methods are available to SQL Server from a variety of Web servers.
Using Active Data Objects with Active Server Pages
When working with database servers such as SQL Server, your application needs to create a connection to the appropriate database. Using ADO, you can use the ADO Connection object to explicitly establish connections, or you can use the ADO Command or ADO Recordset object to make connections dynamically. When establishing the connection object, you need to identify the security credentials for the connection. You can either supply standard (SQL Server Authentication) security credentials, which require a username and password, or you can supply trusted connection (Windows Authentication) credentials, which use the Windows user account information for the connection credentials. After establishing the connection, your ASP application can issue the same sort of ADO commands that a standard Visual Basic (VB) application can perform. These commands include executing stored procedures; opening and scrolling a recordset; and inserting, updating, and deleting data.

As shown in Figure 15.5, ADO can use the OLE DB provider for either ODBC or SQL Server to connect with SQL Server. The OLE DB provider for ODBC lets you use the ADO object model with most existing ODBC drivers. While this provider can be used effectively with those data stores that do not have native OLE DB providers, it does not perform as well.
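The credential choice is made in the ADO connection string, and the same string is where the two suggestions from the direct-connection section earlier in this chapter (encrypt the connection with SSL, use Windows Authentication instead of a SQL Server login) become visible. The following Python is an added example, not code from the book or from Microsoft: a parser for the key=value; form used by OLE DB and ODBC connection strings, and a review function that reports which recommendations a given string does not follow. The keyword names it looks for (Integrated Security=SSPI and Use Encryption for Data for the SQLOLEDB provider, Trusted_Connection=yes and Encrypt=yes for the ODBC driver) are assumed from the drivers' conventions, not taken from the chapter; the sample strings, server name sqlweb01 and login webapp are constructed.

```python
"""Parse ADO/OLE DB and ODBC connection strings and report which of the
chapter's recommendations a connection follows: Windows Authentication rather
than a SQL Server login, and an encrypted (SSL) connection.

Added example, not code from the book. Sample strings are constructed, and the
keyword names (Integrated Security, Trusted_Connection, Use Encryption for
Data, Encrypt) are assumed from SQLOLEDB / SQL Server ODBC driver conventions.
"""
from typing import Dict, List


def parse_connection_string(s: str) -> Dict[str, str]:
    """Split 'key=value;key=value' into a dict with lower-cased keys.

    A value wrapped in '...', "..." or {...} may itself contain semicolons,
    which is how a password with ';' in it is written.
    """
    result: Dict[str, str] = {}
    i, n = 0, len(s)
    while i < n:
        eq = s.find("=", i)
        if eq == -1:
            break
        key = s[i:eq].strip().lower()
        i = eq + 1
        while i < n and s[i] == " ":
            i += 1
        if i < n and s[i] in "'\"{":
            close = "}" if s[i] == "{" else s[i]
            end = s.find(close, i + 1)
            if end == -1:
                raise ValueError("unterminated quoted value for key %r" % key)
            value = s[i + 1:end]
            semi = s.find(";", end + 1)
        else:
            semi = s.find(";", i)
            value = s[i:(n if semi == -1 else semi)].strip()
        i = n if semi == -1 else semi + 1
        if key:
            result[key] = value
    return result


def uses_windows_authentication(kv: Dict[str, str]) -> bool:
    return (kv.get("integrated security", "").upper() == "SSPI"
            or kv.get("trusted_connection", "").lower() in ("yes", "true"))


def requests_encryption(kv: Dict[str, str]) -> bool:
    return (kv.get("use encryption for data", "").lower() in ("true", "yes")
            or kv.get("encrypt", "").lower() in ("yes", "true"))


def review(conn_str: str) -> List[str]:
    """Return the chapter's recommendations this connection string misses."""
    kv = parse_connection_string(conn_str)
    findings: List[str] = []
    if not uses_windows_authentication(kv):
        findings.append("uses SQL Server Authentication; prefer Windows Authentication")
        if kv.get("password"):
            findings.append("password embedded in the connection string")
    if not requests_encryption(kv):
        findings.append("no encryption requested; enable SSL for the connection")
    return findings


# Constructed samples: a SQL Server login with an embedded (quoted) password and
# no encryption, then the trusted, encrypted forms for OLE DB and ODBC.
WEAK = ("Provider=SQLOLEDB;Data Source=sqlweb01;Initial Catalog=Orders;"
        "User ID=webapp;Password='p;w=d';")
STRONG_OLEDB = ("Provider=SQLOLEDB;Data Source=sqlweb01;Initial Catalog=Orders;"
                "Integrated Security=SSPI;Use Encryption for Data=True")
STRONG_ODBC = ("Driver={SQL Server};Server=sqlweb01;Database=Orders;"
               "Trusted_Connection=yes;Encrypt=yes")

if __name__ == "__main__":
    for name, cs in (("WEAK", WEAK), ("STRONG_OLEDB", STRONG_OLEDB), ("STRONG_ODBC", STRONG_ODBC)):
        print(name, review(cs) or ["ok"])
```

Because the review works on the string alone, it can be run over the connection strings an ASP application keeps in its configuration without touching the server, which is a cheap way to find pages still using a SQL Server login over an unencrypted connection.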
[Figure 15.5 labels: Java Server, Servlets, JDBC API, JDBC, JDBC Driver, Other Server]