I want to set up a database on (or mapped from) my webserver that can be read
and written to by an internet user and by users on my internal network. My
issue is the location and sharing of the .mdb file. I'm using ASP and have no
problem with the web side of the project, but I want to make it accessible
(npi) from my internal network. I envisioned a setup like this:

Web ----- Router------DMZ------Web Server
| |
| X
| |
| DB Server
| |
----Internal Network---


Configuration A

The web server is a W2K3 Standard server using IIS 6.0, the Internal Network
is a W2K3 Standard Server Domain, and the db server is an XP client member of
the internal domain, with the db folder set for everyone's use.

The connection between the webserver and the DB server was intended to be a
crossover ethernet cable (the X in config. A) but I could not get the shares
to work.
I changed to a regular dedicated segment with fixed IP's but could
only get the shares to work in the wrong direction. see config B.

Web ----- Router------DMZ------Web Server
| |
| --------
| |
| DB Server
| |
----Internal Network---------

Configuration B


My first question is, is it safe to configure like this:

Web ----- Router------DMZ------Web Server
| |
| |
| |
----Internal Network---


Configuration C

In this configuration, the database would be on the web server, the
webserver would join the internal domain and share the database folder on the
internal network - what safeguards are needed to keep the hackers at bay? How
do I keep the servers from sparring over the internal domain?

I would prefer to use config A so that I don't have servers on the same
network, and somewhere I heard that a separate database server is good idea,
but can an XP Pro machine do that? Do I need to enable IIS on it to get the
share to work on both sides?
I will also post this in the Web Services General group -
TIA

For safety's sake, I would set up a hardware firewall between the web and
the router. You should be able to set up a DSN to connect your ASP app to
the database without any problem. Yes, you need to enable IIS, and you need
to give I_USR all permissions with the exception of Full Control. You can
use any Windows machine as a JET database server, but it really doesn't make
any difference if you use a separate machine for a server or not. The only
time I've ever used a separate machine is if there is really heavy usage
(and I prefer a SQL-Server engine for that) or for security purposes (and I
prefer SQL-Server if security needs to be really stringent)
--
Arvin Meyer, MCP, MVP
http://www.datastrat.com
http://www.mvps.org/access
http://www.accessmvp.com


"John F" <john@taminc[nospam].com> wrote in message
news:4CE2EA2C-19EC-4E4F-894D-(E-Mail Removed)...
>I want to set up a database on (or mapped from) my webserver that can be
>read
> and written to by an internet user and by users on my internal network. My
> issue is the location and sharing of the .mdb file. I'm using ASP and have
> no
> problem with the web side of the project, but I want to make it accessible
> (npi) from my internal network. I envisioned a setup like this:
>
> Web ----- Router------DMZ------Web Server
> | |
> | X
> | |
> | DB Server
> | |
> ----Internal Network---
>
>
> Configuration A
>
> The web server is a W2K3 Standard server using IIS 6.0, the Internal
> Network
> is a W2K3 Standard Server Domain, and the db server is an XP client member
> of
> the internal domain, with the db folder set for everyone's use.
>
> The connection between the webserver and the DB server was intended to be
> a
> crossover ethernet cable (the X in config. A) but I could not get the
> shares
> to work.
> I changed to a regular dedicated segment with fixed IP's but could
> only get the shares to work in the wrong direction. see config B.
>
> Web ----- Router------DMZ------Web Server
> | |
> | --------
> | |
> | DB Server
> | |
> ----Internal Network---------
>
> Configuration B
>
>
> My first question is, is it safe to configure like this:
>
> Web ----- Router------DMZ------Web Server
> | |
> | |
> | |
> ----Internal Network---
>
>
> Configuration C
>
> In this configuration, the database would be on the web server, the
> webserver would join the internal domain and share the database folder on
> the
> internal network - what safeguards are needed to keep the hackers at bay?
> How
> do I keep the servers from sparring over the internal domain?
>
> I would prefer to use config A so that I don't have servers on the same
> network, and somewhere I heard that a separate database server is good
> idea,
> but can an XP Pro machine do that? Do I need to enable IIS on it to get
> the
> share to work on both sides?
> I will also post this in the Web Services General group -
> TIA

thanks - I left the firewall out of the sketch but I do have one. My
problem is that when I put the db on the separate server I can't map a drive
to it, which I need for my connection string. I realize this is a share
problem rather than an Access problem, but are you suggesting that enabling
IIS on the XP machine will solve that?

"Arvin Meyer [MVP]" wrote:

> For safety's sake, I would set up a hardware firewall between the web and
> the router. You should be able to set up a DSN to connect your ASP app to
> the database without any problem. Yes, you need to enable IIS, and you need
> to give I_USR all permissions with the exception of Full Control. You can
> use any Windows machine as a JET database server, but it really doesn't make
> any difference if you use a separate machine for a server or not. The only
> time I've ever used a separate machine is if there is really heavy usage
> (and I prefer a SQL-Server engine for that) or for security purposes (and I
> prefer SQL-Server if security needs to be really stringent)
> --
> Arvin Meyer, MCP, MVP
> http://www.datastrat.com
> http://www.mvps.org/access
> http://www.accessmvp.com
>
>
> "John F" <john@taminc[nospam].com> wrote in message
> news:4CE2EA2C-19EC-4E4F-894D-(E-Mail Removed)...
> >I want to set up a database on (or mapped from) my webserver that can be
> >read
> > and written to by an internet user and by users on my internal network. My
> > issue is the location and sharing of the .mdb file. I'm using ASP and have
> > no
> > problem with the web side of the project, but I want to make it accessible
> > (npi) from my internal network. I envisioned a setup like this:
> >
> > Web ----- Router------DMZ------Web Server
> > | |
> > | X
> > | |
> > | DB Server
> > | |
> > ----Internal Network---
> >
> >
> > Configuration A
> >
> > The web server is a W2K3 Standard server using IIS 6.0, the Internal
> > Network
> > is a W2K3 Standard Server Domain, and the db server is an XP client member
> > of
> > the internal domain, with the db folder set for everyone's use.
> >
> > The connection between the webserver and the DB server was intended to be
> > a
> > crossover ethernet cable (the X in config. A) but I could not get the
> > shares
> > to work.
> > I changed to a regular dedicated segment with fixed IP's but could
> > only get the shares to work in the wrong direction. see config B.
> >
> > Web ----- Router------DMZ------Web Server
> > | |
> > | --------
> > | |
> > | DB Server
> > | |
> > ----Internal Network---------
> >
> > Configuration B
> >
> >
> > My first question is, is it safe to configure like this:
> >
> > Web ----- Router------DMZ------Web Server
> > | |
> > | |
> > | |
> > ----Internal Network---
> >
> >
> > Configuration C
> >
> > In this configuration, the database would be on the web server, the
> > webserver would join the internal domain and share the database folder on
> > the
> > internal network - what safeguards are needed to keep the hackers at bay?
> > How
> > do I keep the servers from sparring over the internal domain?
> >
> > I would prefer to use config A so that I don't have servers on the same
> > network, and somewhere I heard that a separate database server is good
> > idea,
> > but can an XP Pro machine do that? Do I need to enable IIS on it to get
> > the
> > share to work on both sides?
> > I will also post this in the Web Services General group -
> > TIA
>
>
>

If you can put a file on the server, you should be able to map a drive to
it, or at least use a UNC mapping to the share. You could enable IIS on the
XP machine, but it won't be anywhere near as capable as a server to fend off
an attack.
--
Arvin Meyer, MCP, MVP
http://www.datastrat.com
http://www.mvps.org/access
http://www.accessmvp.com


"John F" <john@taminc[nospam].com> wrote in message
news:8F271B3D-5937-4B4C-B81F-(E-Mail Removed)...
> thanks - I left the firewall out of the sketch but I do have one. My
> problem is that when I put the db on the separate server I can't map a
> drive
> to it, which I need for my connection string. I realize this is a share
> problem rather than an Access problem, but are you suggesting that
> enabling
> IIS on the XP machine will solve that?
>
> "Arvin Meyer [MVP]" wrote:
>
>> For safety's sake, I would set up a hardware firewall between the web and
>> the router. You should be able to set up a DSN to connect your ASP app to
>> the database without any problem. Yes, you need to enable IIS, and you
>> need
>> to give I_USR all permissions with the exception of Full Control. You can
>> use any Windows machine as a JET database server, but it really doesn't
>> make
>> any difference if you use a separate machine for a server or not. The
>> only
>> time I've ever used a separate machine is if there is really heavy usage
>> (and I prefer a SQL-Server engine for that) or for security purposes (and
>> I
>> prefer SQL-Server if security needs to be really stringent)
>> --
>> Arvin Meyer, MCP, MVP
>> http://www.datastrat.com
>> http://www.mvps.org/access
>> http://www.accessmvp.com
>>
>>
>> "John F" <john@taminc[nospam].com> wrote in message
>> news:4CE2EA2C-19EC-4E4F-894D-(E-Mail Removed)...
>> >I want to set up a database on (or mapped from) my webserver that can be
>> >read
>> > and written to by an internet user and by users on my internal network.
>> > My
>> > issue is the location and sharing of the .mdb file. I'm using ASP and
>> > have
>> > no
>> > problem with the web side of the project, but I want to make it
>> > accessible
>> > (npi) from my internal network. I envisioned a setup like this:
>> >
>> > Web ----- Router------DMZ------Web Server
>> > | |
>> > | X
>> > | |
>> > | DB Server
>> > | |
>> > ----Internal Network---
>> >
>> >
>> > Configuration A
>> >
>> > The web server is a W2K3 Standard server using IIS 6.0, the Internal
>> > Network
>> > is a W2K3 Standard Server Domain, and the db server is an XP client
>> > member
>> > of
>> > the internal domain, with the db folder set for everyone's use.
>> >
>> > The connection between the webserver and the DB server was intended to
>> > be
>> > a
>> > crossover ethernet cable (the X in config. A) but I could not get the
>> > shares
>> > to work.
>> > I changed to a regular dedicated segment with fixed IP's but could
>> > only get the shares to work in the wrong direction. see config B.
>> >
>> > Web ----- Router------DMZ------Web Server
>> > | |
>> > | --------
>> > | |
>> > | DB Server
>> > | |
>> > ----Internal Network---------
>> >
>> > Configuration B
>> >
>> >
>> > My first question is, is it safe to configure like this:
>> >
>> > Web ----- Router------DMZ------Web Server
>> > | |
>> > | |
>> > | |
>> > ----Internal Network---
>> >
>> >
>> > Configuration C
>> >
>> > In this configuration, the database would be on the web server, the
>> > webserver would join the internal domain and share the database folder
>> > on
>> > the
>> > internal network - what safeguards are needed to keep the hackers at
>> > bay?
>> > How
>> > do I keep the servers from sparring over the internal domain?
>> >
>> > I would prefer to use config A so that I don't have servers on the same
>> > network, and somewhere I heard that a separate database server is good
>> > idea,
>> > but can an XP Pro machine do that? Do I need to enable IIS on it to
>> > get
>> > the
>> > share to work on both sides?
>> > I will also post this in the Web Services General group -
>> > TIA
>>
>>
>>

I put Config C up and the shares work fine - now I have a new problem, I
can't view my websites, presumably because the port 80 requests are going
through the local segment rather than out to DNS and back. Topic for a
different forum, I know. Thanks for the help with the Access side of it.

"Arvin Meyer [MVP]" wrote:

> If you can put a file on the server, you should be able to map a drive to
> it, or at least use a UNC mapping to the share. You could enable IIS on the
> XP machine, but it won't be anywhere near as capable as a server to fend off
> an attack.
> --
> Arvin Meyer, MCP, MVP
> http://www.datastrat.com
> http://www.mvps.org/access
> http://www.accessmvp.com
>
>
> "John F" <john@taminc[nospam].com> wrote in message
> news:8F271B3D-5937-4B4C-B81F-(E-Mail Removed)...
> > thanks - I left the firewall out of the sketch but I do have one. My
> > problem is that when I put the db on the separate server I can't map a
> > drive
> > to it, which I need for my connection string. I realize this is a share
> > problem rather than an Access problem, but are you suggesting that
> > enabling
> > IIS on the XP machine will solve that?
> >
> > "Arvin Meyer [MVP]" wrote:
> >
> >> For safety's sake, I would set up a hardware firewall between the web and
> >> the router. You should be able to set up a DSN to connect your ASP app to
> >> the database without any problem. Yes, you need to enable IIS, and you
> >> need
> >> to give I_USR all permissions with the exception of Full Control. You can
> >> use any Windows machine as a JET database server, but it really doesn't
> >> make
> >> any difference if you use a separate machine for a server or not. The
> >> only
> >> time I've ever used a separate machine is if there is really heavy usage
> >> (and I prefer a SQL-Server engine for that) or for security purposes (and
> >> I
> >> prefer SQL-Server if security needs to be really stringent)
> >> --
> >> Arvin Meyer, MCP, MVP
> >> http://www.datastrat.com
> >> http://www.mvps.org/access
> >> http://www.accessmvp.com
> >>
> >>
> >> "John F" <john@taminc[nospam].com> wrote in message
> >> news:4CE2EA2C-19EC-4E4F-894D-(E-Mail Removed)...
> >> >I want to set up a database on (or mapped from) my webserver that can be
> >> >read
> >> > and written to by an internet user and by users on my internal network.
> >> > My
> >> > issue is the location and sharing of the .mdb file. I'm using ASP and
> >> > have
> >> > no
> >> > problem with the web side of the project, but I want to make it
> >> > accessible
> >> > (npi) from my internal network. I envisioned a setup like this:
> >> >
> >> > Web ----- Router------DMZ------Web Server
> >> > | |
> >> > | X
> >> > | |
> >> > | DB Server
> >> > | |
> >> > ----Internal Network---
> >> >
> >> >
> >> > Configuration A
> >> >
> >> > The web server is a W2K3 Standard server using IIS 6.0, the Internal
> >> > Network
> >> > is a W2K3 Standard Server Domain, and the db server is an XP client
> >> > member
> >> > of
> >> > the internal domain, with the db folder set for everyone's use.
> >> >
> >> > The connection between the webserver and the DB server was intended to
> >> > be
> >> > a
> >> > crossover ethernet cable (the X in config. A) but I could not get the
> >> > shares
> >> > to work.
> >> > I changed to a regular dedicated segment with fixed IP's but could
> >> > only get the shares to work in the wrong direction. see config B.
> >> >
> >> > Web ----- Router------DMZ------Web Server
> >> > | |
> >> > | --------
> >> > | |
> >> > | DB Server
> >> > | |
> >> > ----Internal Network---------
> >> >
> >> > Configuration B
> >> >
> >> >
> >> > My first question is, is it safe to configure like this:
> >> >
> >> > Web ----- Router------DMZ------Web Server
> >> > | |
> >> > | |
> >> > | |
> >> > ----Internal Network---
> >> >
> >> >
> >> > Configuration C
> >> >
> >> > In this configuration, the database would be on the web server, the
> >> > webserver would join the internal domain and share the database folder
> >> > on
> >> > the
> >> > internal network - what safeguards are needed to keep the hackers at
> >> > bay?
> >> > How
> >> > do I keep the servers from sparring over the internal domain?
> >> >
> >> > I would prefer to use config A so that I don't have servers on the same
> >> > network, and somewhere I heard that a separate database server is good
> >> > idea,
> >> > but can an XP Pro machine do that? Do I need to enable IIS on it to
> >> > get
> >> > the
> >> > share to work on both sides?
> >> > I will also post this in the Web Services General group -
> >> > TIA
> >>
> >>
> >>
>
>
>

You might try adding an entry in your hosts file:

C:\WINDOWS\system32\drivers\etc\hosts
--
Arvin Meyer, MCP, MVP
http://www.datastrat.com
http://www.mvps.org/access
http://www.accessmvp.com


"John F" <john@taminc[nospam].com> wrote in message
news:23F9E21E-1173-4398-ACA3-(E-Mail Removed)...
>I put Config C up and the shares work fine - now I have a new problem, I
> can't view my websites, presumably because the port 80 requests are going
> through the local segment rather than out to DNS and back. Topic for a
> different forum, I know. Thanks for the help with the Access side of it.
>
> "Arvin Meyer [MVP]" wrote:
>
>> If you can put a file on the server, you should be able to map a drive to
>> it, or at least use a UNC mapping to the share. You could enable IIS on
>> the
>> XP machine, but it won't be anywhere near as capable as a server to fend
>> off
>> an attack.
>> --
>> Arvin Meyer, MCP, MVP
>> http://www.datastrat.com
>> http://www.mvps.org/access
>> http://www.accessmvp.com
>>
>>
>> "John F" <john@taminc[nospam].com> wrote in message
>> news:8F271B3D-5937-4B4C-B81F-(E-Mail Removed)...
>> > thanks - I left the firewall out of the sketch but I do have one. My
>> > problem is that when I put the db on the separate server I can't map a
>> > drive
>> > to it, which I need for my connection string. I realize this is a
>> > share
>> > problem rather than an Access problem, but are you suggesting that
>> > enabling
>> > IIS on the XP machine will solve that?
>> >
>> > "Arvin Meyer [MVP]" wrote:
>> >
>> >> For safety's sake, I would set up a hardware firewall between the web
>> >> and
>> >> the router. You should be able to set up a DSN to connect your ASP app
>> >> to
>> >> the database without any problem. Yes, you need to enable IIS, and you
>> >> need
>> >> to give I_USR all permissions with the exception of Full Control. You
>> >> can
>> >> use any Windows machine as a JET database server, but it really
>> >> doesn't
>> >> make
>> >> any difference if you use a separate machine for a server or not. The
>> >> only
>> >> time I've ever used a separate machine is if there is really heavy
>> >> usage
>> >> (and I prefer a SQL-Server engine for that) or for security purposes
>> >> (and
>> >> I
>> >> prefer SQL-Server if security needs to be really stringent)
>> >> --
>> >> Arvin Meyer, MCP, MVP
>> >> http://www.datastrat.com
>> >> http://www.mvps.org/access
>> >> http://www.accessmvp.com
>> >>
>> >>
>> >> "John F" <john@taminc[nospam].com> wrote in message
>> >> news:4CE2EA2C-19EC-4E4F-894D-(E-Mail Removed)...
>> >> >I want to set up a database on (or mapped from) my webserver that can
>> >> >be
>> >> >read
>> >> > and written to by an internet user and by users on my internal
>> >> > network.
>> >> > My
>> >> > issue is the location and sharing of the .mdb file. I'm using ASP
>> >> > and
>> >> > have
>> >> > no
>> >> > problem with the web side of the project, but I want to make it
>> >> > accessible
>> >> > (npi) from my internal network. I envisioned a setup like this:
>> >> >
>> >> > Web ----- Router------DMZ------Web Server
>> >> > | |
>> >> > | X
>> >> > | |
>> >> > | DB Server
>> >> > | |
>> >> > ----Internal Network---
>> >> >
>> >> >
>> >> > Configuration A
>> >> >
>> >> > The web server is a W2K3 Standard server using IIS 6.0, the Internal
>> >> > Network
>> >> > is a W2K3 Standard Server Domain, and the db server is an XP client
>> >> > member
>> >> > of
>> >> > the internal domain, with the db folder set for everyone's use.
>> >> >
>> >> > The connection between the webserver and the DB server was intended
>> >> > to
>> >> > be
>> >> > a
>> >> > crossover ethernet cable (the X in config. A) but I could not get
>> >> > the
>> >> > shares
>> >> > to work.
>> >> > I changed to a regular dedicated segment with fixed IP's but could
>> >> > only get the shares to work in the wrong direction. see config B.
>> >> >
>> >> > Web ----- Router------DMZ------Web Server
>> >> > | |
>> >> > | --------
>> >> > | |
>> >> > | DB Server
>> >> > | |
>> >> > ----Internal Network---------
>> >> >
>> >> > Configuration B
>> >> >
>> >> >
>> >> > My first question is, is it safe to configure like this:
>> >> >
>> >> > Web ----- Router------DMZ------Web Server
>> >> > | |
>> >> > | |
>> >> > | |
>> >> > ----Internal Network---
>> >> >
>> >> >
>> >> > Configuration C
>> >> >
>> >> > In this configuration, the database would be on the web server, the
>> >> > webserver would join the internal domain and share the database
>> >> > folder
>> >> > on
>> >> > the
>> >> > internal network - what safeguards are needed to keep the hackers at
>> >> > bay?
>> >> > How
>> >> > do I keep the servers from sparring over the internal domain?
>> >> >
>> >> > I would prefer to use config A so that I don't have servers on the
>> >> > same
>> >> > network, and somewhere I heard that a separate database server is
>> >> > good
>> >> > idea,
>> >> > but can an XP Pro machine do that? Do I need to enable IIS on it to
>> >> > get
>> >> > the
>> >> > share to work on both sides?
>> >> > I will also post this in the Web Services General group -
>> >> > TIA
>> >>
>> >>
>> >>
>>
>>
>>

I tried on a workstation and on the internal network's server - no luck.

"Arvin Meyer [MVP]" wrote:

> You might try adding an entry in your hosts file:
>
> C:\WINDOWS\system32\drivers\etc\hosts
> --
> Arvin Meyer, MCP, MVP
> http://www.datastrat.com
> http://www.mvps.org/access
> http://www.accessmvp.com
>
>
> "John F" <john@taminc[nospam].com> wrote in message
> news:23F9E21E-1173-4398-ACA3-(E-Mail Removed)...
> >I put Config C up and the shares work fine - now I have a new problem, I
> > can't view my websites, presumably because the port 80 requests are going
> > through the local segment rather than out to DNS and back. Topic for a
> > different forum, I know. Thanks for the help with the Access side of it.
> >
> > "Arvin Meyer [MVP]" wrote:
> >
> >> If you can put a file on the server, you should be able to map a drive to
> >> it, or at least use a UNC mapping to the share. You could enable IIS on
> >> the
> >> XP machine, but it won't be anywhere near as capable as a server to fend
> >> off
> >> an attack.
> >> --
> >> Arvin Meyer, MCP, MVP
> >> http://www.datastrat.com
> >> http://www.mvps.org/access
> >> http://www.accessmvp.com
> >>
> >>
> >> "John F" <john@taminc[nospam].com> wrote in message
> >> news:8F271B3D-5937-4B4C-B81F-(E-Mail Removed)...
> >> > thanks - I left the firewall out of the sketch but I do have one. My
> >> > problem is that when I put the db on the separate server I can't map a
> >> > drive
> >> > to it, which I need for my connection string. I realize this is a
> >> > share
> >> > problem rather than an Access problem, but are you suggesting that
> >> > enabling
> >> > IIS on the XP machine will solve that?
> >> >
> >> > "Arvin Meyer [MVP]" wrote:
> >> >
> >> >> For safety's sake, I would set up a hardware firewall between the web
> >> >> and
> >> >> the router. You should be able to set up a DSN to connect your ASP app
> >> >> to
> >> >> the database without any problem. Yes, you need to enable IIS, and you
> >> >> need
> >> >> to give I_USR all permissions with the exception of Full Control. You
> >> >> can
> >> >> use any Windows machine as a JET database server, but it really
> >> >> doesn't
> >> >> make
> >> >> any difference if you use a separate machine for a server or not. The
> >> >> only
> >> >> time I've ever used a separate machine is if there is really heavy
> >> >> usage
> >> >> (and I prefer a SQL-Server engine for that) or for security purposes
> >> >> (and
> >> >> I
> >> >> prefer SQL-Server if security needs to be really stringent)
> >> >> --
> >> >> Arvin Meyer, MCP, MVP
> >> >> http://www.datastrat.com
> >> >> http://www.mvps.org/access
> >> >> http://www.accessmvp.com
> >> >>
> >> >>
> >> >> "John F" <john@taminc[nospam].com> wrote in message
> >> >> news:4CE2EA2C-19EC-4E4F-894D-(E-Mail Removed)...
> >> >> >I want to set up a database on (or mapped from) my webserver that can
> >> >> >be
> >> >> >read
> >> >> > and written to by an internet user and by users on my internal
> >> >> > network.
> >> >> > My
> >> >> > issue is the location and sharing of the .mdb file. I'm using ASP
> >> >> > and
> >> >> > have
> >> >> > no
> >> >> > problem with the web side of the project, but I want to make it
> >> >> > accessible
> >> >> > (npi) from my internal network. I envisioned a setup like this:
> >> >> >
> >> >> > Web ----- Router------DMZ------Web Server
> >> >> > | |
> >> >> > | X
> >> >> > | |
> >> >> > | DB Server
> >> >> > | |
> >> >> > ----Internal Network---
> >> >> >
> >> >> >
> >> >> > Configuration A
> >> >> >
> >> >> > The web server is a W2K3 Standard server using IIS 6.0, the Internal
> >> >> > Network
> >> >> > is a W2K3 Standard Server Domain, and the db server is an XP client
> >> >> > member
> >> >> > of
> >> >> > the internal domain, with the db folder set for everyone's use.
> >> >> >
> >> >> > The connection between the webserver and the DB server was intended
> >> >> > to
> >> >> > be
> >> >> > a
> >> >> > crossover ethernet cable (the X in config. A) but I could not get
> >> >> > the
> >> >> > shares
> >> >> > to work.
> >> >> > I changed to a regular dedicated segment with fixed IP's but could
> >> >> > only get the shares to work in the wrong direction. see config B.
> >> >> >
> >> >> > Web ----- Router------DMZ------Web Server
> >> >> > | |
> >> >> > | --------
> >> >> > | |
> >> >> > | DB Server
> >> >> > | |
> >> >> > ----Internal Network---------
> >> >> >
> >> >> > Configuration B
> >> >> >
> >> >> >
> >> >> > My first question is, is it safe to configure like this:
> >> >> >
> >> >> > Web ----- Router------DMZ------Web Server
> >> >> > | |
> >> >> > | |
> >> >> > | |
> >> >> > ----Internal Network---
> >> >> >
> >> >> >
> >> >> > Configuration C
> >> >> >
> >> >> > In this configuration, the database would be on the web server, the
> >> >> > webserver would join the internal domain and share the database
> >> >> > folder
> >> >> > on
> >> >> > the
> >> >> > internal network - what safeguards are needed to keep the hackers at
> >> >> > bay?
> >> >> > How
> >> >> > do I keep the servers from sparring over the internal domain?
> >> >> >
> >> >> > I would prefer to use config A so that I don't have servers on the
> >> >> > same
> >> >> > network, and somewhere I heard that a separate database server is
> >> >> > good
> >> >> > idea,
> >> >> > but can an XP Pro machine do that? Do I need to enable IIS on it to
> >> >> > get
> >> >> > the
> >> >> > share to work on both sides?
> >> >> > I will also post this in the Web Services General group -
> >> >> > TIA
> >> >>
> >> >>
> >> >>
> >>
> >>
> >>
>
>
>

Persistence pays! I got config B to work by sticking a Net Use line in a
startup batch file on the web server. Windows Explorer couldn't find the xp
box but Ping could, so I tried Net Use and it worked. All is well! Thanks
to all for proposed solutions, I learned a lot!

"John F" wrote:

> I want to set up a database on (or mapped from) my webserver that can be read
> and written to by an internet user and by users on my internal network. My
> issue is the location and sharing of the .mdb file. I'm using ASP and have no
> problem with the web side of the project, but I want to make it accessible
> (npi) from my internal network. I envisioned a setup like this:
>
> Web ----- Router------DMZ------Web Server
> | |
> | X
> | |
> | DB Server
> | |
> ----Internal Network---
>
>
> Configuration A
>
> The web server is a W2K3 Standard server using IIS 6.0, the Internal Network
> is a W2K3 Standard Server Domain, and the db server is an XP client member of
> the internal domain, with the db folder set for everyone's use.
>
> The connection between the webserver and the DB server was intended to be a
> crossover ethernet cable (the X in config. A) but I could not get the shares
> to work.
> I changed to a regular dedicated segment with fixed IP's but could
> only get the shares to work in the wrong direction. see config B.
>
> Web ----- Router------DMZ------Web Server
> | |
> | --------
> | |
> | DB Server
> | |
> ----Internal Network---------
>
> Configuration B
>
>
> My first question is, is it safe to configure like this:
>
> Web ----- Router------DMZ------Web Server
> | |
> | |
> | |
> ----Internal Network---
>
>
> Configuration C
>
> In this configuration, the database would be on the web server, the
> webserver would join the internal domain and share the database folder on the
> internal network - what safeguards are needed to keep the hackers at bay? How
> do I keep the servers from sparring over the internal domain?
>
> I would prefer to use config A so that I don't have servers on the same
> network, and somewhere I heard that a separate database server is good idea,
> but can an XP Pro machine do that? Do I need to enable IIS on it to get the
> share to work on both sides?
> I will also post this in the Web Services General group -
> TIA

I'm out of ideas. I've never seen a situation where adding the machine's IP
Address to the hosts file wouldn't solve the problem, unless you have not
permanent IP addresses. Try asking in one of the IIS newsgroups.
--
Arvin Meyer, MCP, MVP
http://www.datastrat.com
http://www.mvps.org/access
http://www.accessmvp.com


"John F" <john@taminc[nospam].com> wrote in message
news:9C9EB8F3-7876-40E7-BADA-(E-Mail Removed)...
>I tried on a workstation and on the internal network's server - no luck.
>
> "Arvin Meyer [MVP]" wrote:
>
>> You might try adding an entry in your hosts file:
>>
>> C:\WINDOWS\system32\drivers\etc\hosts
>> --
>> Arvin Meyer, MCP, MVP
>> http://www.datastrat.com
>> http://www.mvps.org/access
>> http://www.accessmvp.com
>>
>>
>> "John F" <john@taminc[nospam].com> wrote in message
>> news:23F9E21E-1173-4398-ACA3-(E-Mail Removed)...
>> >I put Config C up and the shares work fine - now I have a new problem, I
>> > can't view my websites, presumably because the port 80 requests are
>> > going
>> > through the local segment rather than out to DNS and back. Topic for a
>> > different forum, I know. Thanks for the help with the Access side of
>> > it.
>> >
>> > "Arvin Meyer [MVP]" wrote:
>> >
>> >> If you can put a file on the server, you should be able to map a drive
>> >> to
>> >> it, or at least use a UNC mapping to the share. You could enable IIS
>> >> on
>> >> the
>> >> XP machine, but it won't be anywhere near as capable as a server to
>> >> fend
>> >> off
>> >> an attack.
>> >> --
>> >> Arvin Meyer, MCP, MVP
>> >> http://www.datastrat.com
>> >> http://www.mvps.org/access
>> >> http://www.accessmvp.com
>> >>
>> >>
>> >> "John F" <john@taminc[nospam].com> wrote in message
>> >> news:8F271B3D-5937-4B4C-B81F-(E-Mail Removed)...
>> >> > thanks - I left the firewall out of the sketch but I do have one.
>> >> > My
>> >> > problem is that when I put the db on the separate server I can't map
>> >> > a
>> >> > drive
>> >> > to it, which I need for my connection string. I realize this is a
>> >> > share
>> >> > problem rather than an Access problem, but are you suggesting that
>> >> > enabling
>> >> > IIS on the XP machine will solve that?
>> >> >
>> >> > "Arvin Meyer [MVP]" wrote:
>> >> >
>> >> >> For safety's sake, I would set up a hardware firewall between the
>> >> >> web
>> >> >> and
>> >> >> the router. You should be able to set up a DSN to connect your ASP
>> >> >> app
>> >> >> to
>> >> >> the database without any problem. Yes, you need to enable IIS, and
>> >> >> you
>> >> >> need
>> >> >> to give I_USR all permissions with the exception of Full Control.
>> >> >> You
>> >> >> can
>> >> >> use any Windows machine as a JET database server, but it really
>> >> >> doesn't
>> >> >> make
>> >> >> any difference if you use a separate machine for a server or not.
>> >> >> The
>> >> >> only
>> >> >> time I've ever used a separate machine is if there is really heavy
>> >> >> usage
>> >> >> (and I prefer a SQL-Server engine for that) or for security
>> >> >> purposes
>> >> >> (and
>> >> >> I
>> >> >> prefer SQL-Server if security needs to be really stringent)
>> >> >> --
>> >> >> Arvin Meyer, MCP, MVP
>> >> >> http://www.datastrat.com
>> >> >> http://www.mvps.org/access
>> >> >> http://www.accessmvp.com
>> >> >>
>> >> >>
>> >> >> "John F" <john@taminc[nospam].com> wrote in message
>> >> >> news:4CE2EA2C-19EC-4E4F-894D-(E-Mail Removed)...
>> >> >> >I want to set up a database on (or mapped from) my webserver that
>> >> >> >can
>> >> >> >be
>> >> >> >read
>> >> >> > and written to by an internet user and by users on my internal
>> >> >> > network.
>> >> >> > My
>> >> >> > issue is the location and sharing of the .mdb file. I'm using ASP
>> >> >> > and
>> >> >> > have
>> >> >> > no
>> >> >> > problem with the web side of the project, but I want to make it
>> >> >> > accessible
>> >> >> > (npi) from my internal network. I envisioned a setup like this:
>> >> >> >
>> >> >> > Web ----- Router------DMZ------Web Server
>> >> >> > | |
>> >> >> > | X
>> >> >> > | |
>> >> >> > | DB Server
>> >> >> > | |
>> >> >> > ----Internal Network---
>> >> >> >
>> >> >> >
>> >> >> > Configuration A
>> >> >> >
>> >> >> > The web server is a W2K3 Standard server using IIS 6.0, the
>> >> >> > Internal
>> >> >> > Network
>> >> >> > is a W2K3 Standard Server Domain, and the db server is an XP
>> >> >> > client
>> >> >> > member
>> >> >> > of
>> >> >> > the internal domain, with the db folder set for everyone's use.
>> >> >> >
>> >> >> > The connection between the webserver and the DB server was
>> >> >> > intended
>> >> >> > to
>> >> >> > be
>> >> >> > a
>> >> >> > crossover ethernet cable (the X in config. A) but I could not get
>> >> >> > the
>> >> >> > shares
>> >> >> > to work.
>> >> >> > I changed to a regular dedicated segment with fixed IP's but
>> >> >> > could
>> >> >> > only get the shares to work in the wrong direction. see config B.
>> >> >> >
>> >> >> > Web ----- Router------DMZ------Web Server
>> >> >> > | |
>> >> >> > | --------
>> >> >> > | |
>> >> >> > | DB Server
>> >> >> > | |
>> >> >> > ----Internal Network---------
>> >> >> >
>> >> >> > Configuration B
>> >> >> >
>> >> >> >
>> >> >> > My first question is, is it safe to configure like this:
>> >> >> >
>> >> >> > Web ----- Router------DMZ------Web Server
>> >> >> > | |
>> >> >> > | |
>> >> >> > | |
>> >> >> > ----Internal Network---
>> >> >> >
>> >> >> >
>> >> >> > Configuration C
>> >> >> >
>> >> >> > In this configuration, the database would be on the web server,
>> >> >> > the
>> >> >> > webserver would join the internal domain and share the database
>> >> >> > folder
>> >> >> > on
>> >> >> > the
>> >> >> > internal network - what safeguards are needed to keep the hackers
>> >> >> > at
>> >> >> > bay?
>> >> >> > How
>> >> >> > do I keep the servers from sparring over the internal domain?
>> >> >> >
>> >> >> > I would prefer to use config A so that I don't have servers on
>> >> >> > the
>> >> >> > same
>> >> >> > network, and somewhere I heard that a separate database server is
>> >> >> > good
>> >> >> > idea,
>> >> >> > but can an XP Pro machine do that? Do I need to enable IIS on it
>> >> >> > to
>> >> >> > get
>> >> >> > the
>> >> >> > share to work on both sides?
>> >> >> > I will also post this in the Web Services General group -
>> >> >> > TIA
>> >> >>
>> >> >>
>> >> >>
>> >>
>> >>
>> >>
>>
>>
>>