SQL 2005 XML WebServices? Yuck...

At this years TechEd 2004 in Amsterdam, I went to a session regarding XML Web Services, which are basically now embedded into SQL 2005, provided it runs on Windows Server 2003 with the HTTP.SYS kernel. All I heard was how great all this stuff is for interoperability, Java clients connecting to your HTTP SOAP endpoint blah, blah etc...

I have some reservations about this. In fact, I won't be exposing HTTP endpoints from within SQL Server 2005 (when I get to use it in 2008 sometime ;-) ) to the Internet. Why? Simply because of the fact that I wouldn't want to expose a database server to the Internet. Sure, you configure a firewall and allow only the minimum ports and protocols required, but any network engineer would rather see a database server sitting in a DMZ, and rightly so.

So, how would you use these cool XML web services features when your SQL Server 2005 box is sitting in its own DMZ? Well, simple, as the presenter of the session told me afterwards - you use ISA server to route the HTTP requests through. Great. Sounds like an extra product that needs to be purchased and a lot of hassle to maintain all these mappings. I'll code my own web service, thanks very much.

Bottom line (all IMHO): use SQL 2005 XML web services if you require basic interoperability between apps on your local network, otherwise if you want to expose this to external, global apps, just don't go there.

3 Comments

  • I think that this is one of the best features possible for a database. Of course this exposes the database to the internet, and so there are going to be security implications. All I know is that this feature will save me hundreds of hours of work after we've migrated to Yukon (in an enterprise environment), and I will embrace it as much as possible.



    With all the new features of Web Services, I'd be surprised if you couldn't secure it somehow (WSE or something), and you can always use SSL.

  • Not every application needs ot be exposed to the Internet. This is ideal for many scenarios within an Intranet application architecture.



    I agree with your reservations for exposing this to the public, as well.

  • Michael - agreed, as I mentioned in the last paragraph.

Comments have been disabled for this content.