I have an ASP-based application that may need to be deployed in an environment
that uses a DMZ. I need to come up with a reasonably secure approach for
accessing my functional ASP pages (which use COM to talk to business objects) in
this environment. The original approach proposed here was to leave the
functional ASP's in the DMZ and have them communicate with the trusted network
via SOAP. This would leave only the SOAP listeners and the supporting business
objects inside the trusted network. However, SOAP seems like overkill for this
problem. An alternate approach would be to use plain HTTP to forward the
request from the DMZ to the functional ASP's in the trusted network. With this
approach an ASP or ISAPI Extension in the DMZ would receive incoming requests
and forward the request along to the functional pages in the trusted network
(perhaps the forwarding component would check to ensure the final destination
was valid; maybe it could put a special HTTP header in to allow for extra
filtering on the firewall).

What are the inherent problems of running ASP's inside the trusted network? Are
ASP's especially vulnerable to denial of service or to security breaches? How
would a good firewall administrator react to this proposal (would SOAP between
the DMZ and trusted network go over any better)?
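
One way the forwarding component's destination check and marker header could look, as an added example that is not part of the original post. It is a pure JavaScript function with no network I/O; the internal host name, the header name and the page allowlist are assumptions made for illustration.

```javascript
// Added example, not the poster's code. All names below are hypothetical.
const INTERNAL_ORIGIN = "http://apps.internal.example"; // assumed trusted-network web server
const MARKER_HEADER = "x-dmz-forwarder";                // assumed header the inner firewall filters on
const ALLOWED_PAGES = new Set(["/app/orders.asp", "/app/account.asp"]); // constructed allowlist
const ALLOWED_METHODS = new Set(["GET", "POST"]);
// Never copied from the client: hop-by-hop headers, Host, and the marker itself.
const DROPPED = new Set(["connection", "keep-alive", "transfer-encoding",
  "upgrade", "te", "trailer", "proxy-authorization", "host", MARKER_HEADER]);

function reject(status, reason) {
  return { ok: false, status, reason };
}

// Decide whether a request received in the DMZ may be forwarded and, if so,
// build the request to send inward.
function buildForwardRequest(method, rawTarget, clientHeaders, markerValue) {
  if (!ALLOWED_METHODS.has(method)) return reject(405, "method");
  // Accept only origin-form targets ("/path?query"); refuse absolute URLs,
  // "//host" forms, backslashes, whitespace and control characters.
  if (typeof rawTarget !== "string" || !rawTarget.startsWith("/") ||
      rawTarget.startsWith("//") || /[\x00-\x20\x7f\\]/.test(rawTarget)) {
    return reject(400, "target");
  }
  const q = rawTarget.indexOf("?");
  const path = q === -1 ? rawTarget : rawTarget.slice(0, q);
  const query = q === -1 ? "" : rawTarget.slice(q);
  // Percent-escapes in the path are refused rather than decoded, so the
  // forwarder and the inner server cannot disagree about what was requested.
  if (path.includes("%")) return reject(400, "encoded path");
  // Exact match (case-insensitive, as on IIS): "../" and other alternate
  // spellings of a page simply fail to match.
  if (!ALLOWED_PAGES.has(path.toLowerCase())) return reject(404, "not allowlisted");

  const headers = {};
  for (const [name, value] of Object.entries(clientHeaders)) {
    const key = name.toLowerCase();
    if (DROPPED.has(key)) continue;
    if (/[\r\n]/.test(String(value))) return reject(400, "header injection");
    headers[key] = String(value);
  }
  headers.host = new URL(INTERNAL_ORIGIN).host;
  headers[MARKER_HEADER] = markerValue; // set by the forwarder only
  return { ok: true, method, url: INTERNAL_ORIGIN + path.toLowerCase() + query, headers };
}
```

The marker header only helps the firewall filter if the forwarder discards any client-supplied copy, as above; the functional pages still have to authenticate and validate the request themselves.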