what authentication should IIS use to talk to SQL?

Networking/Security Forums -> General Security Discussion

Author: funkyd PostPosted: Thu Mar 20, 2003 6:27 pm    Post subject: what authentication should IIS use to talk to SQL?
    ----
We have web servers in our DMZ that talk to SQL servers on our trusted.

We are talking 10 web servers that in total talk to about 10 SQL servers witha total of 100+ databases.

Now at the moment we have a SQL user for each database that IIS uses. Problem is that becaus there are literally hundreds of logins, managing them is a nightmare.

What is the best way for me to reduce the number of logins I am using? Changing these passwords every month is going to be a bi*ch to say the least - hence currently they never get changed.

Could I just create one logon for each SQL server that IIS can use to read/write to all databases? Assuming it is correctly permissioned and audited that should be okay I think....

Any thoughts???

Author: Mongrel PostPosted: Thu Mar 20, 2003 7:03 pm    Post subject:
    ----
We have a very similar situation - and we use SQL coupled with our own proprietary authentication . Yes, it's a major pain to manage - but the last thing I want are domain users who have rights to an SQL server.

For us that's the overriding issue. We use a combination of SQL roles (some custome ones) and views to lock down who does what.

Author: funkyd PostPosted: Thu Mar 20, 2003 7:12 pm    Post subject:
    ----
The passwords we use are good - or appear to be. I am just worried that we are not changing them - probably because of the hassle in doing so. It would take hours - or even days to do.

I am wondering if I (yeah right!!) could write a script that changes all the passwords and updates IIS scripts by doing some sort of search and replace?

What about having just a single SQL logon for all websites to use? Okay so all sites can access all databases but surely the benefit of changing the password regularly far outweighs having tons of accounts with passwords that never change?

I found this document

http://w*w.secadministrator.com/Articles/Index.cfm?ArticleID=9356

It advises against using SQL authentication and to use NT as the SA account can be hacked. However as my web servers are not on the domain this isn't going to work...
Could I create local NT accounts on my SQL box and tell the web server to login using those accounts? I could lock them right down and esnrure that they can only access SQL and not any files etc etc perhaps?

Author: Mongrel PostPosted: Thu Mar 20, 2003 9:00 pm    Post subject:
    ----
I think your password philosophy land ogin mechanism needs to be driven by the security policies in place (if any), upper management's business-level requirements, and the client (if these SQL are client databases.)

In our case it's largely client driven and much more stringent that our own policy regarding complexity and duration of passwords. They insisted on not having NT accounts and they are a multinational firm who handles millions of medical records.

I just don't like having ties between NT/2000 accounts and SQL accounts. A single login to SQL is a huge point of weakness.

See what others say - many more SQL experts here better than I.



Networking/Security Forums -> General Security Discussion


output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group