There is some concern from database administrators about exposing SQL Server directly to web traffic via the HTTP SOAP endpoints. This concern is not unreasonable, since you could potentially open up your server to unwanted traffic and attacks from the Internet. However, HTTP SOAP endpoints provide security that is very tightly integrated with SQL Server's built-in security model. If your SQL Server is secure, your exposure to attacks via endpoints is minimized. If your server is not properly secured, endpoints only exacerbate the problem. Of course, an unsecure SQL Server is probably more likely to be attacked using tried-and-true attacks, like SQL injection or password brute-force/dictionary attacks over the standard SQL Server TCP and user datagram protocol ports than via SOAP endpoints.
On the other hand, the vast majority of SQL Servers that are set up to expose web service methods via HTTP SOAP endpoints tend to be set up for internal use only, behind firewalls and with the additional network security provided by network administrators on a local area network or wide area network. If you set up any SQL Server for exposure over the Internet (endpoints enabled or not), make sure you do a thorough security analysis of your server and network to minimize the potential that your server, network, and data can become compromised. Though they are outside the scope of this book, the same type of precautions should be taken when exposing any computer to the Internet, including web servers and other networked computers.
On the other hand, the vast majority of SQL Servers that are set up to expose web service methods via HTTP SOAP endpoints tend to be set up for internal use only, behind firewalls and with the additional network security provided by network administrators on a local area network or wide area network. If you set up any SQL Server for exposure over the Internet (endpoints enabled or not), make sure you do a thorough security analysis of your server and network to minimize the potential that your server, network, and data can become compromised. Though they are outside the scope of this book, the same type of precautions should be taken when exposing any computer to the Internet, including web servers and other networked computers.