Sunday, February 12, 2012

Connect to SQLExpress via Internet with Windows Authentication?

I posted this message on Google but never received an answer so I thought I would try here.

Is it possible to connect to SQLExpress over the Internet (TCP/IP) using Windows Authentication? I can connect using SQL Authentication, but the client would rather use Windows Authentication to avoid managing another set of user names and passwords.

I have tried connecting with a workstation using cached credentials but I just receive an error "Cannot generate SSPI context".

Any assistance is appreciated.

By “Internet” do you mean the network around the world, or just “across TCP/IP within your client’s intranet”?

Zlatko

Your client would need to open up 'windows' ports on their server in order to get windows auth to work. (i.e. SMB and other ports, including Kerberos, etc.)

Typically, this is the WORST possible move to do on a web facing server, it effectively puts the server 'out' on the internet. Yes, Windows Authentication IS more secure than SQL Server auth, but when you put your server 'out' like that on the internet, then you're exposing it to hackers who may stumble across it and attempt to brute-force their way on to the box. Even if they don't succeed, they may DOS the box with all of the traffic.

In other words, YES, you can use windows authentication on the "internet" but that requires your server to therefore be on the "internet" - i.e. it's no longer effectively behind a firewall and in your 'LAN' it's just 'out' and ready to be hacked.

If you really need more security than what SQL Server auth provides (which can be made pretty secure using pass phrases instead of passwords (like "When will the world end, I wonder?")), then maybe look at getting a VPN.
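A defender-side check for the exposure the reply above warns about, added here as an example and not part of the original thread: it scans a firewall rule list for allow rules that make Windows authentication or SQL Server ports reachable from non-internal sources. The rule format, rule names, addresses and the internal ranges are assumptions, the port numbers are the standard well-known assignments, and each allow rule is judged on its own (rule ordering is not modelled).

```python
import ipaddress

# Well-known TCP ports (standard assignments, not values taken from the thread).
SENSITIVE_TCP = {88: "Kerberos", 135: "RPC endpoint mapper", 139: "NetBIOS session",
                 445: "SMB", 1433: "SQL Server default instance"}
# Sources treated as internal (assumption): RFC 1918 ranges plus loopback, IPv4 only.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def parse_ports(spec):
    """Turn 'any', '445' or '135-139,445' into a list of (low, high) ranges."""
    if spec.strip().lower() == "any":
        return [(1, 65535)]
    ranges = []
    for part in spec.split(","):
        low, _, high = part.strip().partition("-")
        ranges.append((int(low), int(high or low)))
    return ranges

def is_internal(source):
    """True only when the whole source network sits inside an internal range."""
    net = ipaddress.ip_network("0.0.0.0/0" if source == "any" else source, strict=False)
    return any(net.subnet_of(internal) for internal in INTERNAL)

def internet_exposed(rules):
    """Return (rule name, port, service) for allow rules reachable from outside."""
    findings = []
    for rule in rules:
        if rule["action"] != "allow" or is_internal(rule["source"]):
            continue
        ranges = parse_ports(rule["ports"])
        for port, service in sorted(SENSITIVE_TCP.items()):
            if any(low <= port <= high for low, high in ranges):
                findings.append((rule["name"], port, service))
    return findings

# Constructed sample rule set (hypothetical names and addresses, TCP only).
SAMPLE_RULES = [
    {"name": "sql-from-vpn", "action": "allow", "ports": "1433", "source": "10.8.0.0/24"},
    {"name": "sql-from-anywhere", "action": "allow", "ports": "1433", "source": "any"},
    {"name": "windows-auth", "action": "allow", "ports": "88,135-139,445", "source": "0.0.0.0/0"},
    {"name": "block-smb", "action": "deny", "ports": "445", "source": "any"},
]

if __name__ == "__main__":
    for name, port, service in internet_exposed(SAMPLE_RULES):
        print(f"{name}: TCP {port} ({service}) is reachable from the Internet")
```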

Internet as in worldwide.

I was afraid someone was going to say that but I appreciate the feedback. I know SQL authentication is not very secure and was hoping Windows authentication would be a better solution.

Ideally I would like to find a way to have users connect to the SQL server using RPC over HTTP similar to how Outlook 2003 remotely connects to Exchange 2003 without VPN or opening ports on the firewall.

Does anyone happen to know how I might do this with SQL?

SQL Server 2005 natively supports SOAP over HTTP.
