Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Is this secure? Serving content from two servers with SSL

Status
Not open for further replies.
Spork52

Spork52

Programmer
Nov 20, 2007
134
US
Is there any reason the following setup wouldn't be secure?

Server 1:
- Shopping cart system that accepts credit cards.
- ASP, IIS, unknown database, SSL.
- I have very little access to this server.

Server 2:
- Used to customize additional content for Server 1 (cannot be done on Server 1 because I do not have access to a database on Server 1).
- Server 1 displays content from Server 2 database using a connection string, and displays images from Server 2.
- Shared host (bluehost.com).
- PHP, MySQL, Apache.
- SSL on web server and database.
- Remote connections are allowed to DB and can be made with SSL.
 
Sort by date Sort by votes
Server 1, you say you have (almost) no access to so how could anyone answer if it's secure or not?

Server 2, is just displaying content (according to your post). Until you say "Remote connections are allowed to DB and can be made with SSL.".. What database?? But...

I think you should locate a forum specific to what you DO have access to on Server 2 (PHP, MySQL, Apache as you mention)

At the top of this page, change the dropdown from "Search Posts" to "Find a Forum", and find a forum more specific to that programming language or database that you are using. For example, there are many in the PHP forum (forum434) that might be able to help if you have some code questions.
 
Upvote 0 Downvote
I am assuming that both servers are secure on their own.

This is more of an SSL question, not specific to the server software. I included that information in case it makes a difference.

The question is whether the shopping cart on Server 1 can somehow become vulnerable when the cart pages are displaying images and data from Server 2.

I can't imagine what might go wrong, but this could be a case of Rumsfeld's "unknown unknowns."

-------

guitarzan said:
Server 2, is just displaying content (according to your post). Until you say "Remote connections are allowed to DB and can be made with SSL.".. What database??
Click to expand...

That is not what I said. The content is created on Server 2, but displayed on Server 1. Server 1 makes an SSL connection to the Server 2 database and also pulls images off Server 2 over SSL.
 
Upvote 0 Downvote
Only the communication between point 'A' and point 'X' are 'secured' when using SSL, it does not 'guarantee' that the server/device at point 'A' and at point 'X' are secure from intrusion/infiltration.


However, ... Given this, "Remote connections are allowed to DB" and this particular hosting company's record with "secure" and "shared server" being almost mutually exclusive terms, ... ...


Well, ... you do the maths.

Chris.

Indifference will be the downfall of mankind, but who cares?
Time flies like an arrow, however, fruit flies like a banana.
Webmaster Forum
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
316
Sameer258
Sameer258
intel233
  • Locked
  • Question
ASA5510 - SSL Cert
Replies
0
Views
231
intel233
intel233
Shmid
  • Locked
  • Question
Restricting Sonicwall SSL-VPN users for WAN access
Replies
7
Views
403
Shmid
Shmid
ciscokid1984
  • Locked
  • Question
Watchguard RDP from external network
Replies
1
Views
170
hairlessupportmonkey
hairlessupportmonkey
texwiz
  • Locked
  • Question
need some help to properly set up, segregate and secure a network with an ASA 5505
Replies
2
Views
112
texwiz
texwiz

Part and Inventory Search

Sponsor

Back
Top