intranet from the outside

[sirugo]

We have an intranet inside our firewall.
Now, there are quite many functions that should be accessible from the outside (administrators want them to be).

How can we have the "intranet" accessible from the outside and still having reasonable security?

My idea is to have every php-page sniffing IP-numbers and if it's not in the range of the internal users they will have to log in manually through the MySQL database having users with encrypted passwords, placed inside the firewall.

Can a php-script be "hacked" although the initial check is the remote address variable?

Or what else should we consider?

 

[BabyJeffy]

Now, there are quite many functions that should be accessible from the outside (administrators want them to be).

So many times I hear the word "should" used like this... when in reality it's "want". Usually this is due to a lack of understanding the reason why it's not available in the first place.

I suggest you get IT to set this up using the routing tables on their firewall and routers.

Testing for specific IP blocks would work to restrict access to page content - but would still leave the server exposed on the internet.

Can a php-script be "hacked" although the initial check is the remote address variable?

A solution is only as strong as it's weakest part. If the server password is weak, if it's not fully patched, if someone finds some other weakness in the web application... then you are compromised.

Cheers,
Jeff

[tt]Jeff's Page @ Code Couch

http://www.codecouch.com/jeff/

http://www.codecouch.com/jeff/blog/

[/tt]

What is Javascript? FAQ216-6094