Rick Brown wrote:
>
> [ extranet - how? ]
> The web app needs to access to an internal
> Oracle database. I'm wondering what's the best way to
> set this up? My first thought was to replicate the
> database to the DMZ.
If this is doable, it is indeed a very good design choice.
Replicating the bare minimum to the separate zone, and
replicating as little as possible back to the inside
(preferably nothing, if possible?) is just about as good
as it gets. If oracle can be set up so that the internal
DB initiates all of the replicating sessions (sorry, me no
oracle guru), it would be _much_ preferable to allowing
the extranet DB server initiating sessions to the inside.
> Another thought was reverse proxy but I've never done that
> and I'm wondering how secure that is.
You'd have to have a very well-written proxy [1] with very
fine-grained access control in order for it to improve
security even measurably. I have no idea if such a beast
exists (oracle not being my strong side and all).
/Mikael
--
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 �RNSK�LDSVIK, Sweden
Phone: +46 (0)660 29 92 00 Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50 WWW: http://www.clavister.com
[1] To head off less-useful advice: please, no "product X can
pass oracle, and since I bought one, it has to be very
secure/good/trustworthy" follow-ups. Any dumb box can PASS
oracle connections. I'm talking about actually securing it.
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
For Account Management (unsubscribe, get/change password, etc) Please go to:
http://lists.gnac.net/mailman/listinfo/firewalls
