52 But my database has an integrated web server, and I want to use that. Can't I just poke a hole in the firewall and tunnel that port?
Description
This article is from the Firewalls FAQ, by Matt Curtin cmcurtin@interhack.net and Marcus J. Ranum mjr@nfr.com with numerous contributions by others.
52 But my database has an integrated web server, and I want to use that. Can't I just poke a hole in the firewall and tunnel that port?
If your site firewall policy is sufficiently lax that you're willing to
manage the risk that someone will exploit a vulnerability in your web server
that will result in partial or complete exposure of your database, then
there isn't much preventing you from doing this.
However, in many organizations, the people who are responsible for tying the
web front end to the database back end simply do not have the authority to
take that responsibility. Further, if the information in the database is
about people, you might find yourself guilty of breaking a number of laws if
you haven't taken reasonable precautions to prevent the system from being
abused.
In general, this isn't a good idea. See question 5.11 for some ideas on
other ways to accomplish this objective.
Continue to:
My Books
