问题
When you're creating an SQL server on Azure, there is the option to
"ALLOW WINDOWS AZURE SERVICES TO ACCESS THE SERVER."
Does this mean that some other application (other than my own applications) hosted on Azure, like a website, can access my sql server?
There is username password, of course, but I'm afraid they can be brute forced.
Is this a legitimate concern?
回答1:
Yes, "Allow access to Azure services" is a shortcut that allows any Azure-hosted service through the firewall (though the other service still needs to know the server name and a SQL Authentication username/password, as you mention). This shortcut is for convenience, since your app's IP address can change if the VMs in your cloud service fail over or shut down.
To avoid using this shortcut, you could create a reserved virtual IP address (VIP) for your cloud service. This allows your app to have a persistent public IP address, which you can specifically and selectively allow through the server firewall for your SQL Database.
来源:https://stackoverflow.com/questions/28914844/azure-sql-server-security