Access front end SQL back end secure connection

Question

I need to have an Access front end and SQL 2005 back end for a client. I would like to require them to have a static IP and I'll open a port for that IP. But they also want to be mobile, so their IP will change when they aren't in their office.

Is there another way to secure the connection?

Thanks.

Answer 1

I much don't see any problem or issue with this question. As a note, one could keep in mind with your requested setup the IP address of the mobile devices does not and should not matter.

What matters for the most part is that device can connect to the IP address of the SQL server in question (and that address is not likely to change – or at least not change often).

so their IP will change when they aren't in their office.

This question makes more sense. The internal IP address you use to connect to SQL server can be an unc path name to the server (with SQL on it). However, often just using the IP address of the server on your local network also works. So a typical address would be 192.168.1.100.

So, your Access front end can thus link to the above IP address (I assume you have some SQL re-link code on startup).

When you step outside of the office and that local network, then of course you have several choices.

You could as you suggest open up a port on the SQL serving to allow incoming connections. This is likely not such a great idea. It likely better to setup some type of VPN from that device back to your office network. Once you have that VPN connection setup, then the front end that linked to the fixed internal ip address should continue to work (and you can use the SAME internal address).

However, without a VPN, then you can certainly have the Access front end "re-link" to the external exposed IP address of your office network. This would require that you open a port and forward a port on your router to the machine running SQL server. And you would have to open the default port for sql server. The default is 1433 – but as noted, it is NOT such a great idea to open up your SQL server to the wild internet. Last time I did this, within a FEW minutes there was automated "bots" on the internet already attempting to logon (and the robot was testing all of the most common sql logons + most common passwords). So, this is high risk adventure to open up sql server ports this way.

So, the best approach here is some type of SSL tunnel, or a VPN to your office network, and the bonus part is you likely NOT have to re-link the front end to a different IP address since once that "tunnel" is setup to your office, then the result of the network setup, including the use of printers etc. from your laptop should thus work with any place you connect to the internet.