Wimdows.NET

Wim's .NET blog

SQL 2005 XML WebServices? Yuck...

At this years TechEd 2004 in Amsterdam, I went to a session regarding XML Web Services, which are basically now embedded into SQL 2005, provided it runs on Windows Server 2003 with the HTTP.SYS kernel. All I heard was how great all this stuff is for interoperability, Java clients connecting to your HTTP SOAP endpoint blah, blah etc...

I have some reservations about this. In fact, I won't be exposing HTTP endpoints from within SQL Server 2005 (when I get to use it in 2008 sometime ;-) ) to the Internet. Why? Simply because of the fact that I wouldn't want to expose a database server to the Internet. Sure, you configure a firewall and allow only the minimum ports and protocols required, but any network engineer would rather see a database server sitting in a DMZ, and rightly so.

So, how would you use these cool XML web services features when your SQL Server 2005 box is sitting in its own DMZ? Well, simple, as the presenter of the session told me afterwards - you use ISA server to route the HTTP requests through. Great. Sounds like an extra product that needs to be purchased and a lot of hassle to maintain all these mappings. I'll code my own web service, thanks very much.

Bottom line (all IMHO): use SQL 2005 XML web services if you require basic interoperability between apps on your local network, otherwise if you want to expose this to external, global apps, just don't go there.

Posted: Jul 29 2004, 11:13 PM by Wim | with 11 comment(s)
Filed under: ,

Comments

Jason said:

I think that this is one of the best features possible for a database. Of course this exposes the database to the internet, and so there are going to be security implications. All I know is that this feature will save me hundreds of hours of work after we've migrated to Yukon (in an enterprise environment), and I will embrace it as much as possible.

With all the new features of Web Services, I'd be surprised if you couldn't secure it somehow (WSE or something), and you can always use SSL.
# July 30, 2004 3:12 AM

Justin said:

"Sure, you configure a firewall and allow only the minimum ports and protocols required, but any network engineer would rather see a database server sitting in a DMZ, and rightly so" Whats your deffinition of a DMZ? a DMZ falls behind a firewall but still has public ip addresses (here's alittle modle: http://www.dmreview.com/editorial/dmreview/200209/200209_014_1.gif). And if your putting your database servers in your DMZ you're asking for issues. I would never put a database server anyware but in my LAN. You can open your LAN firewall to allow your web servers in the DMZ to talk to your database server in the LAN and only allow your database server to talk to those web servers and your internal network. But in your internal network having the ability to create web services right out of the database without extra servers would be great. Removing a step for your to have to write when creating internal applications
# July 30, 2004 3:27 AM

TrackBack said:

# August 6, 2004 1:37 PM

Michael Earls said:

Not every application needs ot be exposed to the Internet. This is ideal for many scenarios within an Intranet application architecture.

I agree with your reservations for exposing this to the public, as well.
# August 6, 2004 8:36 PM

Wim Hollebrandse said:

Michael - agreed, as I mentioned in the last paragraph.
# August 7, 2004 5:01 AM

Augustinos said:

Nice!

# April 21, 2007 3:56 AM

Agias said:

Interesting...

# April 23, 2007 6:53 PM

Tataki said:

Cool...

# May 4, 2007 4:46 PM

Dimitris said:

Cool...

# June 11, 2007 3:38 PM

Cletus said:

Nice

# June 12, 2007 1:51 PM

Alexiou said:

Cool...

# June 12, 2007 2:39 PM
Leave a Comment

(required) 

(required) 

(optional)

(required)