I need to have a DataSnap server running on a simple Azure VM (B1s) machine with a static public IP address. The database is Azure SQL in a US datacenter. The VM is proximate to the user.
The database and the VM are not in the company LAN. Neither has any access to the company network. Neither has any user credentials. No data is saved on the VM.
All data transferred is encrypted and compressed.
As this is a secondary project, I don’t have time to develop and get the required certificates for an HTTPS connection. Also, I have seen that a TCP connection is ~30% faster than HTTP due to the smaller payload.
Performance is essential.
Watching some of the “TCoffeeAndCode” episodes, I have heard that leaving a port open on a publicly accessible VM is dangerous and a “No No”. On the other hand, others say an open port does not immediately mean a security issue. It depends on the service using the port. I also know others have successfully used DataSnap in this way.
My security assertions thus far are:
- there is no access to any network assets
- the DataSnap stream is binary and encrypted
- the application only has access to database stored procedures
However, another vendor implementing and managing the Azure assets (SQL database and VMs) has already indicated it might have security issues with this configuration.
I was wondering if anyone has had experience in this field and wanted to share some thoughts.