Security Best Practices for External SQL Server Connectivity in OutSystems
Application Type
Reactive

Hi All,

I have implemented a POC where I’m saving data from an OutSystems Reactive application into an external SQL Server database, and I’m able to perform CRUD operations successfully. 

Here’s the approach I followed:
1) Configured the database connection in OutSystems Service Center.
2) Used Integration Builder to establish connectivity with the external SQL Server database.

Everything is working fine from a functionality perspective.

However, I would like to understand the security aspects of this setup: 

1) How secure is this connectivity from the OutSystems side?
2) What are the recommended best practices to ensure secure external database integration? 
3) Are there any additional configurations or precautions that should be implemented to strengthen security? 

I would really appreciate insights or recommendations from the community based on experience or best practices.

Thanks in advance!

2026-06-06 05-35-01
ABHIJITH G
Champion

Hi @Ajit Kurane ,

Your approach is generally secure because the database connection is managed server-side in OutSystems, and the credentials are not exposed to the client application. As long as all database operations are performed through Server Actions and proper authentication/authorization is implemented, the risk is minimized.

For production environments, it is recommended to use a dedicated database user with least-privilege access, enable encrypted connections (TLS/SSL), restrict access via firewalls and IP whitelisting, and rotate credentials regularly. Additionally, validate all inputs, use parameterized queries, and monitor database access logs to strengthen security further.

Regards 
Abhijith

2026-06-05 12-38-17
Eduardo Jauch

Adding to that.

It seems your database is exposed publicly over the net.
Most companies will not allow this type of configuration.

Usually, VPN, SSH tunnel or Private Gateway are used instead.

Cheers!

2019-11-11 17-10-24
Manish Jawla
 
MVP

Hi @Ajit Kurane ,

Just follow standard database security practices:

  • make sure the user has least privilege
  • have secure connectivity
  • encrypted communication
  • secure parameterized queries
  • easy monitoring

From an architecture perspective, I also recommend keeping business logic in OutSystems while using the external database primarily as a data source. This usually makes future maintenance, upgrades, and troubleshooting much easier. 

Regards,

Manish Jawla
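The least-privilege, encrypted-connection and monitoring points raised in the answers above can be set up and checked on the SQL Server side with T-SQL. This is an added example, not part of any post in this thread; the database, login, user, role and table names (`SalesDb`, `os_app_login`, `os_app_user`, `os_app_role`, `dbo.Orders`, `dbo.Customers`) are hypothetical and the password is a placeholder.

```sql
-- Added example. Run as an administrator on the external SQL Server.
-- All object names below are hypothetical; adapt them to your schema.

-- 1. Dedicated login used only by the OutSystems database connection.
USE master;
CREATE LOGIN os_app_login
    WITH PASSWORD = N'<PLACEHOLDER: long random secret kept in a vault>',
         CHECK_POLICY = ON;          -- enforce the Windows password policy
GO

-- 2. Map it to a database user whose rights come from a single role.
USE SalesDb;
CREATE USER os_app_user FOR LOGIN os_app_login;
CREATE ROLE os_app_role;
ALTER ROLE os_app_role ADD MEMBER os_app_user;

-- Grant only the operations the application performs, table by table.
-- No db_owner, no db_datawriter, no schema-wide or DDL rights.
GRANT SELECT, INSERT, UPDATE, DELETE ON OBJECT::dbo.Orders    TO os_app_role;
GRANT SELECT                         ON OBJECT::dbo.Customers TO os_app_role;
GO

-- 3. Review what the role can actually do (repeat after every change).
SELECT pr.name                  AS principal_name,
       pe.state_desc,           -- GRANT / DENY
       pe.permission_name,
       pe.class_desc,
       OBJECT_NAME(pe.major_id) AS object_name
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = N'os_app_role';

-- 4. While the application is connected, confirm that its sessions are
--    encrypted and see which address they come from.
SELECT c.session_id,
       s.login_name,
       c.client_net_address,    -- should match the allowed source range
       c.encrypt_option,        -- must be TRUE for every row
       c.auth_scheme
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions    AS s
  ON s.session_id = c.session_id
WHERE s.login_name = N'os_app_login';

-- 5. Credential rotation: set a new secret, then update the connection
--    in Service Center.
-- ALTER LOGIN os_app_login WITH PASSWORD = N'<PLACEHOLDER: new secret>';
```

A row in step 4 with `encrypt_option = FALSE` means that connection is not using TLS, so encryption should be required in the connection settings or forced on the server.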
