
Is this secure? Serving content from two servers with SSL

Status
Not open for further replies.

Spork52

Programmer
Nov 20, 2007
134
US
Is there any reason the following setup wouldn't be secure?

Server 1:
- Shopping cart system that accepts credit cards.
- ASP, IIS, unknown database, SSL.
- I have very little access to this server.

Server 2:
- Used to customize additional content for Server 1 (cannot be done on Server 1 because I do not have access to a database on Server 1).
- Server 1 displays content from Server 2 database using a connection string, and displays images from Server 2.
- Shared host (bluehost.com).
- PHP, MySQL, Apache.
- SSL on web server and database.
- Remote connections are allowed to DB and can be made with SSL.
 
Server 1, you say you have (almost) no access to, so how could anyone answer if it's secure or not?

Server 2, is just displaying content (according to your post). Until you say "Remote connections are allowed to DB and can be made with SSL.".. What database?? But...

I think you should locate a forum specific to what you DO have access to on Server 2 (PHP, MySQL, Apache as you mention)

At the top of this page, change the dropdown from "Search Posts" to "Find a Forum", and find a forum more specific to that programming language or database that you are using. For example, there are many in the PHP forum (forum434) that might be able to help if you have some code questions.
 
I am assuming that both servers are secure on their own.

This is more of an SSL question, not specific to the server software. I included that information in case it makes a difference.

The question is whether the shopping cart on Server 1 can somehow become vulnerable when the cart pages are displaying images and data from Server 2.

I can't imagine what might go wrong, but this could be a case of Rumsfeld's "unknown unknowns."

-------

guitarzan said:
Server 2, is just displaying content (according to your post). Until you say "Remote connections are allowed to DB and can be made with SSL.".. What database??

That is not what I said. The content is created on Server 2, but displayed on Server 1. Server 1 makes an SSL connection to the Server 2 database and also pulls images off Server 2 over SSL.
 
Only the communication between point 'A' and point 'X' is 'secured' when using SSL; it does not 'guarantee' that the server/device at point 'A' and at point 'X' are secure from intrusion/infiltration.


However, ... Given this, "Remote connections are allowed to DB" and this particular hosting company's record with "secure" and "shared server" being almost mutually exclusive terms, ... ...


Well, ... you do the maths.

Chris.

Indifference will be the downfall of mankind, but who cares?
Time flies like an arrow, however, fruit flies like a banana.
Webmaster Forum
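
The last reply's point is that SSL protects only the link between the two servers, so Server 1 still has to treat whatever it pulls from Server 2 as untrusted input. The following is an added example, not part of the original thread, of escaping and validating one database row before it is rendered on a cart page. It is written in Python for illustration (Server 1 itself runs ASP), and the hostname, field names and sample rows are assumptions.

```python
import html
from urllib.parse import urlsplit

# Assumption: hostname under which Server 2 serves images (placeholder value).
ALLOWED_IMAGE_HOST = "content.example.com"
ALLOWED_IMAGE_EXT = (".png", ".jpg", ".jpeg", ".gif")
MAX_TEXT_LEN = 500


def safe_image_url(url):
    """Return url only if it is an https image on the expected host, else None."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme != "https" or parts.hostname != ALLOWED_IMAGE_HOST:
        return None
    if port not in (None, 443) or parts.username or parts.password:
        return None
    if not parts.path.lower().endswith(ALLOWED_IMAGE_EXT):
        return None
    return url


def render_block(row):
    """Build the HTML fragment for one row fetched from the Server 2 database."""
    # Escape every text field: the TLS session says nothing about its content.
    title = html.escape(str(row.get("title", ""))[:MAX_TEXT_LEN])
    body = html.escape(str(row.get("body", ""))[:MAX_TEXT_LEN])
    out = [f"<h3>{title}</h3>", f"<p>{body}</p>"]
    img = safe_image_url(str(row.get("image_url", "")))
    if img is not None:  # drop the image rather than emit an unexpected URL
        out.append(f'<img src="{html.escape(img, quote=True)}" alt="{title}">')
    return "\n".join(out)


# Constructed sample rows: one as intended, one as it might look if Server 2
# or its remotely reachable database had been altered by someone else.
GOOD_ROW = {"title": "Gift wrap", "body": "Add a card & ribbon.",
            "image_url": "https://content.example.com/img/wrap.png"}
TAMPERED_ROW = {"title": "<script src=//other.example/x.js></script>",
                "body": "Sale",
                "image_url": "https://other.example/pixel.png"}

if __name__ == "__main__":
    print(render_block(GOOD_ROW))
    print(render_block(TAMPERED_ROW))
```

Both rows would arrive over a valid SSL connection; only the checks on Server 1 decide whether the second one reaches a shopper's browser as markup.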
 