Please start any new threads on our new site at https://forums.sqlteam.com. We've got lots of great SQL Server experts to answer whatever question you can come up with.

 All Forums
 General SQL Server Forums
 New to SQL Server Administration
 Help with DB Sync Website & Local DB

Author  Topic 

ElkStrangler
Starting Member

1 Post

Posted - 2011-07-14 : 18:00:47
Not sure where the best place to put this is - so please exuse me.

We have a local system which does our processing and a website that provides information to our customers through a site on a shared host.

The next step is to start collecting some information (external users will enter the details) from the website and store in a hosted SQL Server database. As some of this data is personal - names and addresses - I'm concerned about security.

In order to give the external users the ability to enter data, I envisage the following steps:

1) Create a User Account - the website will use the MS Membership Provider

2) User logs in, enters the data through the website which is stored.

3) A process will then pass the data to local system and remove from hosted database on a regular schedule. Presumably run from our local network.

So...how can I...

1) Automate the login creation process from the local system?

2) Transfer the data securely between the two databases?

3) Encrypt details in the hosted system database?

My host exposes their SQL Server so I can connect to it in .NET or SSMS using the appropriate connection string. However how safe is this?

Using this connection I could write an app to do 1 and 2 above in .NET or SSIS etc but is it truly secure? Presumably the data could be sniffed and is the connection string protected during the connection? What are the alternatives?

As for data security, I can't encrypt on the hosted database using Certifcates/TDE etc as I don't have access rights to the master database. I considered self encrypting with salt but are there any other suggestions?

I suspect the answer is to move to dedicated hosting where we can establish a secure VPN connection for a .NET app to work through but suddenly the hosting costs treble and we are only a small company. Or is that the price to pay in order to make sure its correct?

Any other suggestions?

Thanks!

   

- Advertisement -