http://qs321.pair.com?node_id=251269


in reply to Re: Re: Re: Secure ways to use DBI?
in thread Secure ways to use DBI?

Ah I see.

My script (an LWP Perl script) that calls ssh to get a password from the DB
does not reside on the web server and is not used by a web server in any way.

But this script does need to use a password to connect to an https webpage that requires a user/password.
The machine the script resides on (M1) is separated from the DB server by a firewall (FW1) and
separated from the "outside world" by another firewall (FW2).

I think this setup is pretty secure. Here's where I expose my ignorance of
firewalls. FW1 only allows ssh and scp from M1 and FW2 only allows http and https to
pass through.

Does that make any sense?

Re: Re: Re: Re: Re: Secure ways to use DBI?
by dws (Chancellor) on Apr 17, 2003 at 17:48 UTC
    Does that make any sense?

    Yup, though I'm unclear on where the web server fits into the picture. You say that your script "does not reside on the web server," but then say that FW2 only allows http and https to pass through. Does that mean that the web server is on M1, or on a separate box?

    With the caveat that I'm not an expert, this sounds like a pretty solid scheme, as long as you're keeping up with vendor patches for the web server (and firewall vendor patches for the firewall).

      The web server does not reside on M1. The web-server is
      in the "outside world" and is accessed from my LWP scripts.

      And thanks for sharing your wisdom with me!