We have a in house web app that will need to consume a web service via
javascript, so using 2005's new feature, I created an endpoint &
exposed a stored procedure to use the Native XML web service
functionality. The procedure works fine, and I've tested behind our
firewall. But the database sits in a highly protected domain, behind a
firewall. The web app will sit outside the firewall, in the DMZ. My
questions are...
A) I'm assuming we'll need to open the firewall to communication on the
port specified in the endpoint for the web app to communicate with?
Any security risks here?
B) Who do I grant connect on the endpoint to? The web app is not in
the same domain, so I can't give the connect permission to a domain
user.'
C) More javascript related than SQL....Javascript runs on the client
right? So will all the web browsers out there be attempting to execute
this web service call? Or is it my web server trying to execute the
web service call?Sorry to repost, but what do folks think?
CoreyB wrote:
> We have a in house web app that will need to consume a web service via
> javascript, so using 2005's new feature, I created an endpoint &
> exposed a stored procedure to use the Native XML web service
> functionality. The procedure works fine, and I've tested behind our
> firewall. But the database sits in a highly protected domain, behind a
> firewall. The web app will sit outside the firewall, in the DMZ. My
> questions are...
> A) I'm assuming we'll need to open the firewall to communication on the
> port specified in the endpoint for the web app to communicate with?
> Any security risks here?
> B) Who do I grant connect on the endpoint to? The web app is not in
> the same domain, so I can't give the connect permission to a domain
> user.'
> C) More javascript related than SQL....Javascript runs on the client
> right? So will all the web browsers out there be attempting to execute
> this web service call? Or is it my web server trying to execute the
> web service call?|||You will have to open the firewall on the port that is specified for your
HTTP endpoint. The only security risk is in being able to execute the
procedures you are exposing as well as Denial of Service. Other than that,
users can not get to anything else...provided you have ensured things are
locked down otherwise.
You grant connect authority to the user that will be connecting to the
endpoint. That can be a physical user or done via certificate exchange.
I have no idea on the Javascript question.
Mike
http://www.solidqualitylearning.com
Disclaimer: This communication is an original work and represents my sole
views on the subject. It does not represent the views of any other person
or entity either by inference or direct reference.
"CoreyB" <unc27932@.yahoo.com> wrote in message
news:1144370588.206677.316450@.j33g2000cwa.googlegroups.com...
> We have a in house web app that will need to consume a web service via
> javascript, so using 2005's new feature, I created an endpoint &
> exposed a stored procedure to use the Native XML web service
> functionality. The procedure works fine, and I've tested behind our
> firewall. But the database sits in a highly protected domain, behind a
> firewall. The web app will sit outside the firewall, in the DMZ. My
> questions are...
> A) I'm assuming we'll need to open the firewall to communication on the
> port specified in the endpoint for the web app to communicate with?
> Any security risks here?
> B) Who do I grant connect on the endpoint to? The web app is not in
> the same domain, so I can't give the connect permission to a domain
> user.'
> C) More javascript related than SQL....Javascript runs on the client
> right? So will all the web browsers out there be attempting to execute
> this web service call? Or is it my web server trying to execute the
> web service call?
>
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment