Posted by Ozone on September 22, 2005, 3:25 pm
The only concern that I can see is if the SQL server actually has a Public IP
address on it. If it only has an internal / non-routable address, then you
should be pretty safe. If it has a private address on it, the only way to
get to the SQL server from the DMZ server would be to gain some type of
interactive access to the DMZ server... Just be sure that you are not
routing through the DMZ server to the backend network...
OR
if you have some port mapper program such as netcat on the DMZ server, this
would allow someone to punch through the DMZ server and connect to the
backend SQL server...
HTH
Ozone
"Marlon Brown" wrote:
> Imagine this:
> I have a Sharepoint Front-End web server in the "Forest-Perimeter" network
> (some call it DMZ).
> Imagine the SQL server such Sharepoint server uses continues to be housed in
> the "Internal" network. Therefore I would need to open a hole in the ISA
> firewall to allow communication between the Sharepoint Front-End<----> SQL
> Server (internal) network.
>
> Can you tell me the mechanism and likelihood of getting such SQL server
> compromised via this Front-End web server?
> I know you can hit a SQL server pretty hard if you can explore SQL server
> injections, but let's assume you use stored procedures to avoid SQL server
> injections.
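
The firewall "hole" and the addressing concern discussed in this thread can be checked mechanically. The following is an added example, not part of either post: it audits perimeter-to-internal allow rules so that only the front-end host reaches the SQL server on its SQL port, and flags any SQL server address outside the RFC 1918 private ranges. All addresses, rule names and the rule format are constructed, and TCP 1433 (the default-instance SQL Server port) is an assumption.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
FRONT_END = ipaddress.ip_address("172.16.10.5")  # SharePoint front end, perimeter
SQL_SERVER = ipaddress.ip_address("10.0.20.15")  # SQL Server, internal network
SQL_PORT = 1433  # default-instance SQL Server TCP port (assumed)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

RULES = [  # constructed perimeter -> internal allow rules
    {"name": "sp-to-sql", "src": "172.16.10.5/32",
     "dst": "10.0.20.15/32", "ports": [1433]},
    {"name": "dmz-to-internal", "src": "172.16.10.0/24",
     "dst": "10.0.0.0/8", "ports": [1433, 445, 3389]},
]
# Constructed addresses bound to the SQL server; the second is a documentation range.
SQL_ADDRESSES = ["10.0.20.15", "203.0.113.10"]


def is_single_host(cidr, host):
    """True only when the CIDR names exactly the expected host."""
    net = ipaddress.ip_network(cidr)
    return net.num_addresses == 1 and net.network_address == host


def audit_rule(rule):
    """Return the ways one allow rule is wider than front end -> SQL only."""
    findings = []
    if not is_single_host(rule["src"], FRONT_END):
        findings.append("source is wider than the front-end host")
    if not is_single_host(rule["dst"], SQL_SERVER):
        findings.append("destination is wider than the SQL server")
    if rule["ports"] != [SQL_PORT]:
        findings.append("ports other than the SQL port are allowed")
    return findings


def audit(rules, sql_addresses):
    """Map each over-broad rule, and any non-private SQL address, to findings."""
    report = {r["name"]: audit_rule(r) for r in rules if audit_rule(r)}
    exposed = [a for a in sql_addresses
               if not any(ipaddress.ip_address(a) in n for n in RFC1918)]
    if exposed:
        report["sql-server-addresses"] = ["not RFC 1918: " + a for a in exposed]
    return report


if __name__ == "__main__":
    for name, findings in audit(RULES, SQL_ADDRESSES).items():
        print(name, "->", "; ".join(findings))
```
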