Here's my scenario... I have a Web Server in our DMZ, we have customers that will be submitting data to a production server internally. We normally would not allow 'outside, in', only 'inside, out'. In this case, I would like to figure out how to secure this data that will be submitted via the web page in the DMZ to an internal oracle database server. I know this is a basic concept, but I am fuzzy on securing things correctly. Basically I want the data the customer inputted externally immediately updating our internal database when they hit the 'submit' key. Any advice or books to read would be greatly appreciated. Thank you.
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
DMZ Web Page Data Submission - how to secure??
- Thread starter Denda
- Start date
If i understand what you are saying it is like this:
LAN- SQL - (DMZ- Webserver)- Internet
You have two issue to consider here:
- authorization
- encryption
The best way is to use SSL. With this you solved the two issue, and you are using the best method.
Ok, now the question is what OSes and NOSes you have involved there. You have to create a Certificate Authority (a design for it, if you want a public CA or not,...). Then, for IIS for example, you define the way IIS users will be authenticated one-to-many or many-to-many (is the way you will assign certificates).
As you see is an entire story there. Also, think about impersonation issues. But I don't know if you are using Kerberos,....
Anyway, I hope that these ideas to help you. If not, contact me for details. Gia Betiu
giabetiu@chello.nl
Computer Eng. CNE 4, CNE 5, soon MCSE2k
LAN- SQL - (DMZ- Webserver)- Internet
You have two issue to consider here:
- authorization
- encryption
The best way is to use SSL. With this you solved the two issue, and you are using the best method.
Ok, now the question is what OSes and NOSes you have involved there. You have to create a Certificate Authority (a design for it, if you want a public CA or not,...). Then, for IIS for example, you define the way IIS users will be authenticated one-to-many or many-to-many (is the way you will assign certificates).
As you see is an entire story there. Also, think about impersonation issues. But I don't know if you are using Kerberos,....
Anyway, I hope that these ideas to help you. If not, contact me for details. Gia Betiu
giabetiu@chello.nl
Computer Eng. CNE 4, CNE 5, soon MCSE2k
- Status
Similar threads
- Locked
- Question
- Locked
- Question
- Locked
- Question
- Locked
- Question