SQL Remote connection security

Question

question

jcampsall asked Nov 28, '13

SQL Remote connection security

I have a potential client that is concerned about security and privacy. There request is to have their clients' information (identification) stored on their own internal SQL Server while allowing non-identifiable data store on my SQL Server (along with data from my other clients). This is a SaaS environment so potentially all of my clients may wish to have this configuration. If my SQL Server is breached, does it this mean that my client's data store is also inherently breached since the connection information would be accessible from my server ?

sql-server security remote-access

10 |1200

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Answer 1 · 2013-11-30T05:51:10Z

sqlaj 1 answered Nov 30, '13

It would depend on the level of access and information they gained access too. Just because they breached a server doesn't mean they breached another that connects to it.

1

10 |1200

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Shawn_Melton commented · Dec 05, 2013 at 01:02 AM

If I have access to your server then I have access to your network (internal or external).

0 ·

Answer 2 · 2013-12-05T00:34:53Z

jcampsall answered Dec 5, '13

ok... my server is hosting a website ( ASP.net, IIS 7) and MS SQL Server 2008 R2. How many different ways are there to connect to a linked sql server. Wouldn't the connection info he available or accessible to whoever breached my server ?

10 |1200

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

question