Beefy Boxes and Bandwidth Generously Provided by pair Networks
There's more than one way to do things
 
PerlMonks  

comment on

( #3333=superdoc: print w/replies, xml ) Need Help??
"The project is a custom accounting/management system, with a CGI interface ...", "The chap I'm writing this for is somewhat paranoid "

Given the type of system it is, and the obvious sensitivity of the data, not only (IMO) is your employer not paranoid, I would be concerned that the measures aren't going far enough. I hope you purposefully didn't mention other security measures such as firewalls in front of your net connection, firewalls between the front end servers and the separate machines on a separate net (or subnet) that the data lives on, as well as the secure redundancy for failover and backups. Surely he has others working on the hardware configurations, firewall maintenance issues, so to provide these minimum needs as well as many others.

I'm not a network architect or otherwise a system's designer, but I have worked with such systems connected to the internet (or any other net for that matter). Having seen what it can take for even minimal systems, it is very easy to underestimate the needs in hardening such systems.

Instead of having some reasonably simple set of CGIs with, if you'll pardon the over-dramatic phrasing,

But I'm not sure its the best way to deal with this problem.
Sounds like you're going to be seeing to the CGI security issues. Some relevent light reading is mentioned in just some of these places:

Given your employer's background, it's likely he's thought of these things (hardware, middleware and custom software issues) regarding privacy, security and his company's substantial risk, and it's significant that you're thinking it through with him. Do well.

hth


In reply to Re: Twin interfaces, and one and a half databases to a project by tjh
in thread Twin interfaces, and one and a half databases to a project by JPaul

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":



  • Are you posting in the right place? Check out Where do I post X? to know for sure.
  • Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
    <code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
  • Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
  • Want more info? How to link or or How to display code and escape characters are good places to start.
Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others romping around the Monastery: (2)
As of 2022-10-02 09:04 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    My preferred way to holiday/vacation is:











    Results (8 votes). Check out past polls.

    Notices?