访问前端SQL后端安全连接
[英]Access front end SQL back end secure connection
问题描述
I need to have an Access front end and SQL 2005 back end for a client. 
我需要一个客户端的Access前端和SQL 2005后端。 I would like to require them to have a static IP and I'll open a port for that IP. 我想要求他们拥有一个静态IP,然后为该IP打开一个端口。 But they also want to be mobile, so their IP will change when they aren't in their office. 但是他们也想移动,所以当他们不在办公室时,他们的IP将会改变。
Is there another way to secure the connection? 还有另一种方法来保护连接吗?
Thanks. 谢谢。
1 个解决方案
解决方案1
1 2012-08-04 16:31:46
I much don't see any problem or issue with this question. 我几乎看不到任何问题。 As a note, one could keep in mind with your requested setup the IP address of the mobile devices does not and should not matter. 请注意,请记住您所请求的设置,并且移动设备的IP地址无关紧要。
What matters for the most part is that device can connect to the IP address of the SQL server in question (and that address is not likely to change – or at least not change often). 在很大程度上,最重要的是设备可以连接到所讨论的SQL Server的IP地址(并且该地址不太可能更改-或至少不经常更改)。
so their IP will change when they aren't in their office.
This question makes more sense. 这个问题更有意义。 The internal IP address you use to connect to SQL server can be an unc path name to the server (with SQL on it). 用于连接到SQL Server的内部IP地址可以是该服务器的unc路径名(上面带有SQL)。 However, often just using the IP address of the server on your local network also works. 但是,通常仅使用本地网络上服务器的IP地址也可以。 So a typical address would be 192.168.1.100. 因此,典型地址为192.168.1.100。
So, your Access front end can thus link to the above IP address (I assume you have some SQL re-link code on startup). 因此,您的Access前端可以链接到上述IP地址(我假设您在启动时有一些SQL重新链接代码)。
When you step outside of the office and that local network, then of course you have several choices. 当您走出办公室和该本地网络之外时,当然可以有几种选择。
You could as you suggest open up a port on the SQL serving to allow incoming connections. 您可以按照建议在SQL服务上打开一个端口以允许传入连接。 This is likely not such a great idea. 这可能不是一个好主意。 It likely better to setup some type of VPN from that device back to your office network. 最好将某种类型的VPN从该设备设置回办公室网络。 Once you have that VPN connection setup, then the front end that linked to the fixed internal ip address should continue to work (and you can use the SAME internal address). 一旦建立了VPN连接,链接到固定内部ip地址的前端应继续工作(并且您可以使用SAME内部地址)。
However, without a VPN, then you can certainly have the Access front end "re-link" to the external exposed IP address of your office network. 但是,如果没有VPN,那么您当然可以使Access前端“重新链接”到办公室网络的外部公开IP地址。 This would require that you open a port and forward a port on your router to the machine running SQL server. 这将需要您打开端口,并将路由器上的端口转发到运行SQL Server的计算机。 And you would have to open the default port for sql server. 并且您将必须打开sql server的默认端口。 The default is 1433 – but as noted, it is NOT such a great idea to open up your SQL server to the wild internet. 默认值为1433 –但请注意,将您的SQL Server开放到互联网上并不是一个好主意。 Last time I did this, within a FEW minutes there was automated "bots" on the internet already attempting to logon (and the robot was testing all of the most common sql logons + most common passwords). 上一次我这样做的时候,在短短几分钟之内,互联网上已经有自动的“机器人”试图登录(并且机器人正在测试所有最常用的sql登录+最常用的密码)。 So, this is high risk adventure to open up sql server ports this way. 因此,以这种方式打开sql server端口是一次冒险。
So, the best approach here is some type of SSL tunnel, or a VPN to your office network, and the bonus part is you likely NOT have to re-link the front end to a different IP address since once that "tunnel" is setup to your office, then the result of the network setup, including the use of printers etc. from your laptop should thus work with any place you connect to the internet. 因此,这里最好的方法是某种类型的SSL隧道或到办公室网络的VPN,而额外的部分是您不必将前端重新链接到其他IP地址,因为一旦设置了“隧道”到您的办公室,则网络设置的结果(包括使用笔记本电脑中的打印机等)应可在您连接到互联网的任何位置使用。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.