Menu
When you're creating an SQL server on Azure, there is the option to
"ALLOW WINDOWS AZURE SERVICES TO ACCESS THE SERVER."
Does this mean that some other application (other than my own applications) hosted on Azure, like a website, can access my sql server?
There is username password, of course, but I'm afraid they can be brute forced.
Is this a legitimate concern?
873
Databases in SQL Database are protected by firewalls in Azure. By default, all connections to the server and database are rejected. To learn more, see server-level and database-level firewall rules. Set Allow access to Azure services to OFF for the most secure configuration.
Azure SQL Database currently supports encryption at rest for Microsoft-managed service side and client-side encryption scenarios. Support for server encryption is currently provided through the SQL feature called Transparent Data Encryption.
Microsoft SQL Server provides several built in features that enable security, including encrypted communication over SSL/TLS, the Windows Data Protection API (DPAPI) used to encrypt data at rest, authentication and authorization.
Yes, "Allow access to Azure services" is a shortcut that allows any Azure-hosted service through the firewall (though the other service still needs to know the server name and a SQL Authentication username/password, as you mention). This shortcut is for convenience, since your app's IP address can change if the VMs in your cloud service fail over or shut down.
To avoid using this shortcut, you could create a reserved virtual IP address (VIP) for your cloud service. This allows your app to have a persistent public IP address, which you can specifically and selectively allow through the server firewall for your SQL Database.
89
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
