RE: ODBC in DMZ

["C. K. Lung" <clung () hotmail com>]

Hi Stefan;

Thank you for your detailed explanation.  It is very useful.

What if we are using Oracle instead of MS SQL?  Would it be the same?  If I
have VPN, would it overcome the problem of clear text?  Any input is greatly
appreciated.

Best regards,

C.K.

> -----Original Message-----
> From: Stefan Norberg [mailto:stnor () sweden hp com]
> Sent: Thursday, July 15, 1999 5:16 AM
> To: C. K. Lung
> Subject: Re: ODBC in DMZ
>
>
> C.K.,
> ODBC is not a communications protocol. It relies on an underlying
> communications mechanism.
> For example:
> A client can access a MS SQL-server (using ODBC), via Named Pipes
> (yuck :P),
> MS RPC or TCP/IP Sockets (default port is 1433).
>
> In a DMZ I would recommend sockets, although this communication
> is in clear
> text, because it's only one port to open up.
>
> MS RPC is all high ports in all directions plus tcp/135. Named Pipes is
> NetBIOS-ssn (tcp/137).
>
> Use strong passwords. If possible - make the DB-replica read-only.
>
> /stefan
>
> -------------------------------------------------------------------
> Stefan Norberg (stnor () sweden hp com)
> HP Consulting
> PGP-key: http://people.hp.se/stnor/stnor.asc
> KeyID: 2048-1024/0x06795314
> Fingerprint: FB30 E334 8F04 F7D6 1FE7  2DFA 31D9 9052 0679 5314
>
> ----- Original Message -----
> From: C. K. Lung <clung () hotmail com>
> To: Firewall-Wizards <firewall-wizards () nfr net>
> Sent: Wednesday, July 14, 1999 02:34
> Subject: ODBC in DMZ
>
>
> > A user needs to use ODBC access a program in DMZ.  Do I need to
> open ports
> > or/and socket to allow the access?  What kind of security risk it would
> > post?  Any comments/suggestions are greatly appreciated.
> >
> > Sincerely,
> >
> > C.K.