SQL Server Performance Forum – Threads Archive
parsing images from remote server db
There is a remote server being set up that is a database (sql2K) This server will store paths to its folders containing scanned images (images around 250k each) I have a website that has a calendar of events, the user of the calendar can have the ability to select supporting documents for the event they create on the calendar (so the calendar event needs a link to the documents on the other server. The website is fully under a ssl key and the remote db server is not. I don’t was to inconvience users / give up security by having them click a link to load files from an unsecure location. How would it be best to keep the security of the ssl and create a link from the secure web calendar of events to unsecure supporting documents on another server. When the user uses the calendar of events, since it is dynamic, the users login information is passed along so the user views their information. This is what i was thinking, would it be possible to pass the users Login information to a store procedure in remote server (which would only be listening for the web servers ip address) THis procedure would then pass back to the website (at a different ip) the urls to the images. My main issue is avoiding the security prompts created from importing unsecure info and clicking a link to unsecure info FROM a secured. Any suggestions on how i can do this?To me your question seems more related to general Windows/Webserver security as to SQL Server. Have you asked this in a community dedicated to the other systems? —
Frank Kalis
Microsoft SQL Server MVP
http://www.insidesql.de
Ich unterstütze PASS Deutschland e.V. http://www.sqlpass.de)
Hi,
as you say your site is under fully SSL then you have not to worry it works and as far as sql db is concern you can set your db files (.mdf and .ldf ) on NTFS partition and BTW all the process is hapening at server side so users wont have an idea about your db server because it is not his concern and BTW you can convert your db server’s partion to NTFS without re-partition using command ‘convert drive: /fs:ntfs’
only thing here to be consider is "man in middle attack" here is a link for your reference http://www.sans.org/rr/whitepapers/threats/480.php i didn’t get you ! on this
quote:
This is what i was thinking, would it be possible to pass the users Login information to a store procedure in remote server (which would only be listening for the web servers ip address) THis procedure would then pass back to the website (at a different ip) the urls to the images.
This is what i was thinking, would it be possible to pass the users Login information to a store procedure in remote server (which would only be listening for the web servers ip address) THis procedure would then pass back to the website (at a different ip) the urls to the images.
www.petri.co.il/forum is very good for the security/network issue …
Regards. Hemantgiri S. Goswami
[email protected]
"Humans don’t have Caliber to PASS TIME , Time it self Pass or Fail Humans" – by Hemant Goswami
If you are storing paths to the images I don’t see the issue here. Just build your image path using https:// in your link. If the images are stored on the web server it will work just fine. If they are stored on a folder on another server (say on a disk on the SQL server) you can create a virtual folder on the web server that points to the UNC path and still build a vailid URL.
]]>