Microsoft Project connection security problem, project vs IT sup

[best]

Our team use Microsoft Project with Microsoft Project Server to manage our
projects and tasks.
It is useful and we have used it for several Months.
But recently,IT support tell us that they will close the sql server database
service port 1433 for human users . and i found that if it happened ,Project
can not connect to Project Server, the reason is that Project directly
connects to Project Server's database when it works.
Is there some way to uses Project without directly connect to Project
Server's database?
Or anybody has a alternate idea to handle this situation?

 

[Rod Gill]

Project Professional has to have port 1433 open to read from the database.
Project 2007 only uses http and so doesn't need 1433. So, if you can wait
until years end?!!

 

[best]

Maybe it is a good idea , but IT Support does not like wait......

We will try the Aspose's solution of use Project file

 

[Rolly Perreaux]

Hi Best,

Question...

Does your IT Support oppose having Project Pro users connect directly to
the SQL database or just using SQL port 1433? Not that it makes a
difference in your case.

I'm just curious to know why they feel they need to close port 1433
internally.

Let us know whn you have a chance
Thanks,

--
Rolly Perreaux, PMP, MCSE
Project Server Trainer/Consultant

TriMagna Corporation
Microsoft Gold Partner
http://www.trimagna.com

 

[best]

users can not make sure their machine does not have spyware, and IT support
think not all users are good guy,if someone can directly connect to sql
server, then he has chance to know the database UserID/Password. so , they
plan to block human users from 1433 port.

 

[Rolly Perreaux]

Hi Best,

Sorry, don't mean to pry...
But how does your IT Support team plan to "block _human users_ from 1433
port"? What about the non-human users (ie, software, scripts, etc.)

I think your IT Support team might have a bigger security problem on
their hands if they think that blocking port 1433 internally will solve
their symptom. <--- Notice it's not a problem

Does your organization have a Threat Management system?
We use CA Integrated Threat Management r8 and haven't had a single
problem. http://www3.ca.com/smb/product.aspx?id=5703&culture=en-us

I know it doesn't solve your Project Pro connectivity problem, but it's
just food for thought.

--
Rolly Perreaux, PMP, MCSE
Project Server Trainer/Consultant

TriMagna Corporation
Microsoft Gold Partner
http://www.trimagna.com

 

[Ray]

Ask them to set up TCPIP Filtering on the NIC TCP/IP Properties of the SQL
server and to then give the users with Project Pro static IP addresses or
DHCP reservations and allow them through the filters.

When you break a business application for "security" reasons, you need to
fix your "security."

Perhaps a better way to secure things would be to:

1. Clean up the end user computers.
2. Make the end users Restricted Users so they cannot get spyware and other
garbageware installed
3. Force Windows Authentication to SQL (as Project Pro uses) and prohibit
SQL Authentication

Ports are "open" because some application is using it.

Ray
CISSP