I need to provide access to a SQL Server 2008 database to a website for a client. I haven't done this before and I'm looking for tips on security.
The website will be hosted on a server either in a DMZ or external to the network. Access to the SQL Server will be through a Cisco router.
The network is a workgroup, not a domain. The website needs write access to one database.
The client wants enough flexibility that I can't restrict them to using stored procedures. It'll be their responsibility to ensure they don't wreck their database.
I'll give them datawriter permissions on that database, and enforce a strict password policy.
What other things should I do to safeguard the SQL Server from the evils of the internet?