[thelist] Firewalls vs. Web Databases

Mark Nickel mnickel at new.rr.com
Sat Sep 22 11:52:31 CDT 2001

> > The best for security is definitely everything behind the firewall, or
> > at least the firewall being the only connection between the 'net and
> > your private network.
> My point is that Joe Cracker would have to a.) get through firewall
> rules b.) get through the webserver before c.) he ever found out even
> what network the DB server is on.

In addition to layering your defenses, one should also remember to
stringently audit the web-based applications that would be running behind the
firewall.  One can have a locked down network architecture, but forget to
audit that webapplication which uses a home-grown CGI processor instead of
CGI.pm, in the case of a Perl-based app.  Just Don't Do It... Use CGI.pm if
you can.  If you can't do a search for "Ovid" on http://perlmonks.org.

IMHO, it's easy to architect and secure the network but it's easy to become
relaxed and forget to secure your applications...


More information about the thelist mailing list