Firewall Wizards mailing list archives
Protecting Web Access to a FoxPro Database
From: "Bruce B. Platt" <bbp () comport com>
Date: Wed, 16 Dec 1998 16:51:16 -0500
Perhaps your combined experience can suggest some alternatives to me. I had a rather involved discussion today with a company who does web-hosting and site design. They have designed a web-site for a company whose major application is built around a FoxPro database, which I believe is not an SQL like transaction oriented database, but rather an evolution of some of the early PC databases. I am not a database expert, so please bear with me on this part. The problem these folks confronted me with is that they would like to allow users access from the internet via browser to the database. According to them, the way FoxPro works, it must run on the same machine as the web-server software. Since they are experienced with FoxPro, I have no evidence to dispute this yet, until I do some research. Their statement is that a query and a write to a FoxPro database requires reading and writing database blocks from the FoxPro engine itself, not a separate transaction engine. Here, writes to the database occur very frequently from LAN connected users, while reads can occur from both LAN users and Internet browsers. Replication of the database from a LAN-only version of the database to an Internet acecssible version seems inappropriate due to the frequency of writes and the inability to ensure that a replication has taken place without a completed write. If, however, they are correct, the problem of securing the database against "rogue" or "hostile" browsing activity is somewhat like an earlier discussion in this list which dealt with how does one use a firewall to protect the integrity of the database. The consensus, in which I participated was that securing a web-server behind a firewall which was proxying port 80 traffic was not a great solution since the web-server could still be attached through it's http daemon. In this scenario, where the http daemon is on the same machine as the database, the risk seems even greater. I'd appreciates comments on any of the above, as well as the following ways to secure this site. 1. Use user-name and password basic authentication to allow access. 2. Use port 443 connections so SSL and encryption is enabled while the user-name and password are in transit. 3. Use the firewall between the internet and the webserver proxying port 80 and 443 traffic to the web-server to protect the web-server against attacks to other ports. 4. Attempt to have the application migrated to an SQL database so db requests can be proxied. (unlikley that they will do this). Comments, please, Thanks, regards, and Holiday wishes. Bruce +--------------------------------------+ Bruce B. Platt, Ph.D. Comport Consulting Corporation 78 Orchard Street, Ramsey, NJ 07446 Phone: 201-236-0505 Fax: 201-236-1335 bbp () comport com, bruce@ bruce.platt@
Current thread:
- Protecting Web Access to a FoxPro Database Bruce B. Platt (Dec 18)