How to secure a database using web services? -

now application connected database server in same lan , performs selects , inserts. database moved remote location accessible throughout internet. performance degradation addressed reducing number of operations db. not possible use vpn or configure access-in rules based on client ip on firewall of net database server moved. seems me necessary create database front end in order protect it. suppose 1 way achieve goal create web service.

are there easier alternatives?

i'm new web services: should run glassfish server while client c# application. read bit securing web service i'm confused. 1 method found in internet use glassfish built-in authentication mechanism , configure web.xml limiting access web service url group of users.

it seems easy approach, there drawbacks?

is easy use type of authentication in c# client?

other existing web services wants parameter key in request. key compared valid ones , if check successful request accepted.

is approach more secure previous one?

another alternative use wsit @ first glance seems over-complicated , security mechanisms need server certificate. anyway looks more secure; fit jax-rs , restful web services?

you can use l2tp or pptp vpn in case.

let me show first network topology.

client (accessing firewall l2tp or pptp )-----> firewall (l2tp or pptp vpn server)---> firewall lan server placed.

in above case client come vpn secure , on firewall have configure vpn lan rule client base rule.