Hi there,
We are looking at making RS over the web for a client.
Is is safe to put RS on the web? Is it possible to provide adequate security for complete peace of mind - ssl etc? Or does another security layer have to be placed over it?
Advice, thoughts, and some pointers would be greatly appreciated!!
Many thanks
Chris
It is relatively safe, to a point. Check out this article:
http://msdn2.microsoft.com/en-us/library/ms157198.aspx
for a summary of SSRS authentication options.
Integrated Windows authentication is not sent in plain text, and it is controlled by IIS, not RS. But you can only use integrated (NTLM) authentication in IE.
sluggy
|||Reporting services supports SSL.
For authentication, you can either:
1. use forms based authentication - take a look at the sample that comes with RS 2005 or
2. use the built-in Windows authentication if you want to give your users access to your domain.
In general RS 2005 is safer/easier to deploy in internet facing scenarios than RS 2000. See the following article for some more information.
http://blogs.msdn.com/tudortr/archive/2005/11/03/488731.aspx
The safest option is to only expose report manager outside of the firewall.
There will be more information on this topic in an upcoming MSDN doc refresh.
Thanks
Tudor Trufinescu
|||Thanks Tudor,
To put into context, we are looking at putting a server into a datacentre, putting SQL and RS onto it, and RS making available to clients.
If we use windows authentication (with SSL?), would you consider this to be a secure environment? Considering the context, would it be a problem if clients have access to our domain? Could we set up their user accounts so that they would only be able to access our site via a browser into RS?
Regards
Chris
No comments:
Post a Comment