"The project is a custom accounting/management system, with a CGI interface ...", "The chap I'm writing this for is somewhat paranoid "
Given the type of system it is, and the obvious sensitivity of the data, not only (IMO) is your employer not paranoid, I would be concerned that the measures aren't going far enough. I hope you purposefully didn't mention other security measures such as firewalls in front of your net connection, firewalls between the front end servers and the separate machines on a separate net (or subnet) that the data lives on, as well as the secure redundancy for failover and backups. Surely he has others working on the hardware configurations, firewall maintenance issues, so to provide these minimum needs as well as many others.
I'm not a network architect or otherwise a system's designer, but I have worked with such systems connected to the internet (or any other net for that matter). Having seen what it can take for even minimal systems, it is very easy to underestimate the needs in hardening such systems.
Instead of having some reasonably simple set of CGIs with, if you'll pardon the over-dramatic phrasing,
But I'm not sure its the best way to deal with this problem.Sounds like you're going to be seeing to the CGI security issues. Some relevent light reading is mentioned in just some of these places:
- The World Wide Web Security FAQ
- Essential CGI Security Practices, very good
- One of Ovid's lessons in Here
- web site design, or lack thereof, excellent
- (OT) Security Rant, must read
- Safeguarding sensitive information
- How can I secure MySQL & CGI?
- Secure State Maintenance
- A quick search on Super Search for "cgi secure" will yield plenty of solid material.
Given your employer's background, it's likely he's thought of these things (hardware, middleware and custom software issues) regarding privacy, security and his company's substantial risk, and it's significant that you're thinking it through with him. Do well.