Firewall Wizards mailing list archives
Re: One way DB replication through firewall
From: Bennett Todd <bet () mordor net>
Date: Wed, 22 Jul 1998 12:03:39 -0400
You almost certainly don't want to use vendor-provided database replication for this application, for two reasons. First, vendor-provided database replication doesn't actually work; it's a checklist item required to make some contract bids, so they claim it, but they've never made it work. And second, commercial relational database vendors are selling software that hasn't made any significant advances in better than 20 years; among other defects, this means that they regard security as something that happens to other people. The best way to do your updates is to have the inside master database periodically take a dump, sending out some portable format of the extract you need to maintain on the outside, then copy that out with something secure like e.g. ssh, and have a job on the outside do a cold reload of the internet-visible database. If that's not possible --- e.g. because the publicly visible database is too large --- then have the inside database emit a transaction log, and periodically copy that transaction log out (with something secure like e.g. ssh) and play that against the external database. Recording and playing back transaction logs is another thing that relational database vendors aren't famous for getting right, so plan on using your own application code to manage this. -Bennett
Current thread:
- One way DB replication through firewall G (Jul 21)
- Re: One way DB replication through firewall Bennett Todd (Jul 23)