Firewall Wizards mailing list archives
Re: ODBC
From: Technical Incursion Countermeasures <lists () ticm com>
Date: Sun, 10 May 1998 11:48:23
At 05:06 AM 5/8/98 -0700, you wrote:
1998-05-06-16:07:35 Ikoedem Moses:I want to pass ODBC traffic from a webserver in the DMZ to a database server in the internal network. What is the right way to do it and what ports does it uses?First answer would be easy: _don't_ do it. ODBC is an immature protocol; security isn't implemented by any vendor I know of. They don't have strong authentication, nor encryption. The protocol being passed is open-ended. Don't let it through your firewall. Replicate such data as the web presence needs out onto a server in the DMZ, perhaps reachable only by the web server. Don't let that traffic in.
I assume that you are using something like MS SQL Server - you are not using Access are you? (I hope not). If you are using SQl Server then you could post your queries to it via SMTP. It takes a little bit of tweaking to get it to work right (What MS Product doesn't :{) but it means that you are not opening up anything else in your firewall... Cheers, Bret Technical Incursion Countermeasures consulting () bwa net http://www.ticm.com/ ph: (+61)(08) 9454 2487(UTC+8 hrs) fax: (+61)(08) 9454 6042 The Insider - a e'zine on Computer security http://www.ticm.com/about/insider.html
Current thread:
- ODBC Moses, Ikoedem (May 07)
- <Possible follow-ups>
- RE: ODBC Stout, William (May 13)