Security Basics mailing list archives

Re: Transmitting Sensitive Information between Servers

From: "Ben Preston" <veruus () gmail com>
Date: Mon, 8 Sep 2008 13:31:48 -0600

On Mon, Sep 8, 2008 at 10:48 AM, Basha, Arif <abasha () apa org> wrote:


We have a policy to not pass user name/password, etc in clear between
servers within our DMZ.  Is this being too pedantic?

I would be interested to hear how others have this implemented?

Thanks.
Arif



I don't think it is too much to ask for.  There are secure methods for
this, whatever the transport; stunnel, encrypted data piped over
netcat, https, sftp/scp...

-- 

Ben

Current thread:

DMZ Web Servers Lafosse, Ricardo (Sep 05)
- Re: DMZ Web Servers Rob (Sep 08)
  - Re: DMZ Web Servers Adriel Desautels (Sep 08)
- <Possible follow-ups>
- Re: DMZ Web Servers David Glosser (Sep 08)
  - RE: DMZ Web Servers Lafosse, Ricardo (Sep 08)
  - Re: DMZ Web Servers Adriel Desautels (Sep 08)
  - Transmitting Sensitive Information between Servers Basha, Arif (Sep 08)
    - Re: Transmitting Sensitive Information between Servers Ben Preston (Sep 08)
    - RE: Transmitting Sensitive Information between Servers Thevendriya, Arvind (Sep 08)
    - Re: Transmitting Sensitive Information between Servers Nathaniel Hall (Sep 08)
    - Re: Transmitting Sensitive Information between Servers Chad Perrin (Sep 10)
    - Re: Transmitting Sensitive Information between Servers Ansgar Wiechers (Sep 08)
    - Re: Transmitting Sensitive Information between Servers Chris Benedict (Sep 08)
    - Re: Transmitting Sensitive Information between Servers Chad Perrin (Sep 10)
    - RE: Transmitting Sensitive Information between Servers David Gillett (Sep 11)
  - RE: DMZ Web Servers Dan Lynch (Sep 08)
- Re: DMZ Web Servers krymson (Sep 08)
  - TrueCrypt Basiru Ndow (Sep 10)

(Thread continues...)