On 14 Feb 2002, at 10:59, Josh Welch wrote: > Basically what my boss would like to be able to do is write to a > Samba/NFS type share on the file server from the webserver.
In other words, he wants a DMZ that provides little security at zero cost.... My answer to people who "needed" to do this has always been that I felt I could live with it as long as the data transfer was initiated from the trusted side. i.e., Let the webserver offer the share, and the fielserver mount it and copy the data to a local filesystem. At the application level, nothing should care which machine the shared files are really hosted on. The very fact that this is transparent to applications means that it's not without some risk. But driving (a) the establishment of the network connection, and (b) the copying of the data, both from the file server in the trusted network, does make it considerably harder for an outsider to compromise/exploit these configurations. DG _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
