SQL Server 和客户端之间有什么关系?
这个问题是我在这里提出的上一个问题的更新版本。
我对使用 SQL Server 作为关系数据库的客户端-服务器模型很陌生。我了解到对 SQL Server 的公共访问并不安全。如果直接访问数据库不是一个好的做法,那么服务器和客户端之间应该放置什么样的层?请注意,我有一个将充当客户端的桌面应用程序和一个向客户端提供数据的远程 SQL Server 数据库。客户将输入他们的用户名和密码才能查看他们的数据。我听说过 VPN、ISA、TMG、终端服务、代理服务器等术语。我需要一个快速且安全的 n 层架构。
PS 我听说过数据库前面有Web服务。我可以使用 WCF 检索、更新、插入数据吗?就安全性和性能而言,这是否是一个好方法?
This question is an updated version of a previous question I have asked on here.
I am new to client-server model with SQL Server as the relational database. I have read that public access to SQL Server is not secure. If direct access to the database is not a good practice, then what kind of layer should be placed between the server and the client? Note that I have a desktop application that will serve as the client and a remote SQL Server database that will provide data to the client. The client will input their username and password in order to see their data. I have heard of terms like VPN, ISA, TMG, Terminal Services, proxy server, and so on. I need a fast and secure n-tier architecture.
P.S. I have heard of web services in front of the database. Can I use WCF to retrieve, update, insert data? Would it be a good approach in terms of security and performance?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
Web 服务层对于智能客户端来说非常常见,作为用户客户端和服务器之间的层。这允许:
您可以使用 WCF 与应用程序层对话,但您不应该考虑“INSERT”、“UPDATE”等 - 您应该考虑对您的域模型有意义的操作 - “ CreateOrder”操作等。ADO.NET 数据服务允许 API 与“INSERT”等更相似,但它不一定像您希望的安全服务那样受到控制。
性能实际上是“我正在运行什么查询?”的一个因素。以及“我要传输多少数据?”。只要您保持操作正常(即不要通过网络获取整个“订单”数据只是为了查找最近的订单日期),那么您应该没问题。
A web-service tier is pretty common for smart-clients as a layer between the user-client and the server. This allows:
You can use WCF to talk to the app layer, but you shouldn't think in terms of "INSERT", "UPDATE" etc - you should think in terms of operations that make sense to your domain model - the "CreateOrder" operation, etc. ADO.NET Data Services allows an API more similar to your "INSERT" etc, but it isn't necessarily as controlled as you might like for a secure service.
Performance is really a factor of "what queries am I running?" and "how much data am I transferring?". As long as you keep the operations sane (i.e. don't fetch the entire "Orders" data over the wire just to find the most recent order-date), then you should be OK.