Re: network architecture related to db security - needed

[Saqib Ali <docbook.xml () gmail com>]

solution 1)
If your DB is relatively small, consider hosting on the same box as
the application. and allow only localhost connections to the DB. make
sure that loopback interface is being used to talk to the DB. the
traffic should not be going over any eth interfaces.

solution 2)
if you want to host your DB on seperate box, make sure traffic is
tunneled through SSH or SSL.

solution 3)
Or you can want to host both the application and the DB inside a
firewall. and use Reverse SSL proxy to allow usert to use the
application. This is the safest option.

solution 4)
A graphical firewall/proxy. Again both the application server and DB
server are hosted inside a firewall, and the user connects using a
grafical firewall/proxy e.g. Citrix.


On 11/27/05, Bob Ababurko <bob () webstakez com> wrote:
> I am trying to figure out the best possible implementation to keep a db
> safe that is going to used as a backend for publicly accessible web
> services (Internet).  What are the better or best ways to protect the db
> from being hacked OR what are the ways that the web machines will access
> them?

In Peace,
Saqib Ali
http://www.xml-dev.com/blog/
"If you stop telling lies about me, I will stop telling the truth about you"