[dba-SQLServer]IP Connection to SQL

Francisco H Tapia my.lists at verizon.net
Wed Apr 16 13:29:35 CDT 2003 

: I fired up the ADP, chose /File/Connection and filled in
: the data -- and that was that! Total time invested 1 minute, and it
: works. I can hit the db using EM or Access. I can create sprocs etc.
: from either. No muss, no fuss, no Terminal Services or Citrix,
: nothing but an IP a uid and a pswd.
:
: What needs to be done to make this happen?
<snip>
: Does their router simply listen for hits on that
: IP and forward them to SQL for authentication, without doing any
: Windows-level user checks? Did the network guy create a Windows user
: for me and that's how I get in?

Yes, this is exactly what happens, w/ Sql Server authentication you don't
need a domain, just the IP/Port and uid/pwd for the server.
Routers/Firewalls have the port opened in this case 1433.  What is dangerous
about this situation is that port 1433 is a common known port which hackers
and script kiddies can use to infiltrate said network.

: The reason I ask is that I have another client that uses TS to connect
: remote users to the db, and I no longer see the point in this, given
: the ease with which I connected to client 1's db.

obviously as with any situation it depends... Given that you are using TS
you are probably hitting some sort of encryption server that enables the
display to be forwarded to you via a VPN of some sort.  What this does is
provide the recordsets to the local machine on the server (at the client err
customer site) if the connection is 10mbs or 100mbs its faster than any
internet WAN connection, thus response time can be FASTER... when connecting
over the Internet as in the case with customer #1, you are pushing said
recordsets over the internet unencrypted and for the whole world to privy.

: I would love to eliminate TS from client 2's setup and make it just
: like client 1's. What steps are required?

I understand your enthusiasm but I regrettably must say that usually the job
of data getting in/out is normally the local admin's responsibility and I
can't truly argue w/ the TS scenario...

-Francisco
http://rcm.netfirms.com

On Wednesday, April 16, 2003 11:01 AM [GMT-8],
Arthur Fuller <artful at rogers.com> wrote:

More information about the dba-SQLServer mailing list