There is a remote server being set up that is a database (sql2K) This server will store paths to its folders containing scanned images (images around 250k each)

I have a website that has a calendar of events, the user of the calendar can have the ability to select supporting documents for the event they create on the calendar (so the calendar event needs a link to the documents on the other server. The website is fully under a ssl key and the remote db server is not. I don't was to inconvience users / give up security by having them click a link to load files from an unsecure location.

How would it be best to keep the security of the ssl and create a link from the secure web calendar of events to unsecure supporting documents on another server.

When the user uses the calendar of events, since it is dynamic, the users login information is passed along so the user views their information.

This is what i was thinking, would it be possible to pass the users Login information to a store procedure in remote server (which would only be listening for the web servers ip address) THis procedure would then pass back to the website (at a different ip) the urls to the images.

My main issue is avoiding the security prompts created from importing unsecure info and clicking a link to unsecure info FROM a secured.

Any suggestions on how i can do this?