Data sent to the SQL server hosted on the net is unencrypted. Including your username and password. I would suggest configuring a VPN connection or a secure tunnel. There was also talk about a SQL worm which exploited the administrator account with "sa" no password. And there's a couple of buffer overflow problems related to in this case to SQL 2000. http://online.securityfocus.com/archive/1/277670 Hope this helps Regards Steven -----Original Message----- From: Jon Booth [mailto:jon@xxxxxxxxxxxxxx] Sent: 03 July 2002 08:41 To: [ISAserver.org Discussion List] Subject: [isalist] General Security Question http://www.ISAserver.org If I allow an outbound SQL Server connection to a specific trusted external address what possible security risks does this pose? Could someone please outline some no matter how paranoid. Being a security novice I often wonder about this (SQL being just an example) and would like some clarification. Thanks Jon ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: sporens@xxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')