Forum Discussion
Internet access to internal SQL server (not in DMZ)
I have a request to open TCP port 1433 on our firewall to allow a company to query a table on our SQL Server as part of a service they have been contracted to provide. The SQL Server is in our server VLAN, not the DMZ.
I am told the company will have read-only access to the table, and that a unique username and password have been created for this company.
I am thinking we would open the port if we can lock down access to just this company's public IP address(es). Otherwise, no go.
I don't know anything about SQL Server, SQL injection, etc. Is the above approach sufficient to protect our SQL Server? Am I correct in thinking that opening up TCP port 1433 to the public internet is a bad idea?
What other methods for granting the access needed by this company can I recommend to the project team?
- bake13 (Microsoft)
Hi garryholmberg --
Your intuition is correct in that opening 1433 to the internet from within your internal VLAN is incurring risk. Have you considered replicating the database to a system in the DMZ and providing the read-only access to that copy of the database? Take care.
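
Added example, not part of the original thread: a T-SQL sketch of how the "read-only access to the table" described in the question can be provisioned and then verified on whichever instance the company ends up querying (the internal server or a DMZ copy). The database `VendorShare`, table `dbo.OrderStatus`, and login `vendor_ro` are hypothetical names, and the password is a placeholder.

```sql
-- Hypothetical names: VendorShare (database), dbo.OrderStatus (table), vendor_ro (login/user).
USE master;
GO
-- Dedicated SQL login for the external company; password is a placeholder.
CREATE LOGIN vendor_ro
    WITH PASSWORD = '<REPLACE-WITH-LONG-RANDOM-PASSWORD>',
         CHECK_POLICY = ON,                 -- apply the host's password policy
         DEFAULT_DATABASE = VendorShare;
GO
USE VendorShare;
GO
-- Map the login to a database user with no role membership.
-- db_datareader is deliberately avoided: it grants SELECT on every table.
CREATE USER vendor_ro FOR LOGIN vendor_ro;
GRANT SELECT ON OBJECT::dbo.OrderStatus TO vendor_ro;
GO

-- 1. Explicit grants and denies recorded for the user.
SELECT pr.name               AS principal_name,
       pe.class_desc,
       OBJECT_NAME(pe.major_id) AS object_name,
       pe.permission_name,
       pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr
  ON pe.grantee_principal_id = pr.principal_id
WHERE pr.name = 'vendor_ro';

-- 2. Role memberships (public is implicit and is not listed here).
SELECT r.name AS role_name
FROM sys.database_role_members AS m
JOIN sys.database_principals   AS r ON m.role_principal_id   = r.principal_id
JOIN sys.database_principals   AS u ON m.member_principal_id = u.principal_id
WHERE u.name = 'vendor_ro';

-- 3. Effective permissions, including anything inherited from public,
--    evaluated while impersonating the user (run this as an administrator).
EXECUTE AS USER = 'vendor_ro';
SELECT permission_name FROM fn_my_permissions(NULL, 'DATABASE');
SELECT HAS_PERMS_BY_NAME('dbo.OrderStatus', 'OBJECT', 'SELECT') AS can_select,
       HAS_PERMS_BY_NAME('dbo.OrderStatus', 'OBJECT', 'INSERT') AS can_insert,
       HAS_PERMS_BY_NAME('dbo.OrderStatus', 'OBJECT', 'UPDATE') AS can_update,
       HAS_PERMS_BY_NAME('dbo.OrderStatus', 'OBJECT', 'DELETE') AS can_delete;
REVERT;
GO
```

These checks cover only what the account can do once authenticated; they do not replace the source-IP restriction on port 1433 or the DMZ placement discussed in the thread.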