>I probably wouldn't put the DB server in the DMZ. I would place the DB in >the intranet and open pin holes between the two. Using a beefier DB server, >or even clustering.
That was another option. However, I hate to open more holes on the firewall between the DMZ and the private network than necessary. With web services the transaction data needed for accounting could be sent to the internal serverover port 80 or port 443. But, keeping the database server inside the private network adds another layer of security between it and the Internet. I see both ways and I guess it depends on how paranoid you are and how much you rely on your firewall's security. Russel ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm/link=i:5:192948 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/5 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:5 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.5 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
