I have been asked to develop a system that collects data from a SQL Server database and sends that data in “some” format to a client as real-time as possible. The data is basic contact forms from a .NET website. Names, phone numbers, email. No SSN-type data.
The only parameters I know about the project are:
- The client will probably want multiple ways to consume the data: Excel, RSS readers, lead management systems, etc.
- The client has expressed zero concern for security.
- I am not going to just ignore security because the client doesn’t care.
Full Disclosure: I am NOT a security expert.
I want to use some type of secure RSS/XML feed because that would seem to offer the most options for the client to consume and it would be as real-time as possible. However, many of the posts on this topic here at SO seem to suggest that even with basic authentication and SSL, you are asking for trouble.
I could set up a secure FTP download, but this doesn’t seem to make sense as it would require the client to constantly check for incoming contact forms/leads.
If all else fails I could just email CSV files every 2 or 3 minutes, but this does not seem very good either.
I guess my main question is: Is there another way I am missing, or is a secure RSS/XML feed OK for this application?
Thanks.
If the client is known, then you can secure this rather well with SSL.
Use SSL not only on the server side but on the client side too, by requiring that the clients identify themselves with a certificate… that certificate is installed once on the machine of the client/boss/whoever and made known to your server.
For some information on how to do this with IIS see:
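
The client-certificate requirement described in the answer above, as an added example that is not part of the original answer: an IIS configuration fragment that refuses connections without a client certificate and maps one known certificate to one Windows account. The `leads-feed` path, the account name, the password and the certificate value are placeholders.

```xml
<!-- Added illustration; "Default Web Site/leads-feed" is a hypothetical site path. -->
<configuration>
  <location path="Default Web Site/leads-feed">
    <system.webServer>
      <security>
        <!-- Ssl: HTTPS only. SslNegotiateCert + SslRequireCert: the TLS
             handshake must include a client certificate or the request
             is rejected before it reaches the application. -->
        <access sslFlags="Ssl, SslNegotiateCert, SslRequireCert" />
        <authentication>
          <!-- No anonymous fallback: every request must map to an account. -->
          <anonymousAuthentication enabled="false" />
          <iisClientCertificateMappingAuthentication
              enabled="true"
              oneToOneCertificateMappingsEnabled="true"
              manyToOneCertificateMappingsEnabled="false">
            <oneToOneMappings>
              <!-- One entry per certificate "made known to your server".
                   certificate = the client's public certificate as a single
                   line of Base64 (no BEGIN/END lines). All three values
                   below are placeholders. -->
              <add enabled="true"
                   userName="PLACEHOLDER_FEED_ACCOUNT"
                   password="PLACEHOLDER_PASSWORD"
                   certificate="PLACEHOLDER_BASE64_PUBLIC_CERT" />
            </oneToOneMappings>
          </iisClientCertificateMappingAuthentication>
        </authentication>
      </security>
    </system.webServer>
  </location>
</configuration>
```

These sections are locked at server level by default, so the fragment normally belongs in `applicationHost.config`, and the IIS Client Certificate Mapping Authentication feature has to be installed. Revoking a client's access then means disabling or deleting its `<add>` entry.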