On Tue, 29 Feb 2000, Jim Ridley wrote:
> Hello -- I have a business unit in my company which has just asked that
> we
> help them enable our external customers to access internal data.
> Essentially,
> they would like to have our customers hit our 'web site' and be able to
> authenticate and then browse a pre-defined set of reports which are
> generated
> from data residing on our internal database servers, both canned and
> customizable reports.
This is fairly common.
>
> I'm sending out this request to the list, to ask what other folks are
> doing to
> provide a secure, stongly-authenticated mechanism for doing such a
> 'portal'
> from the outside into the inside data.
>
All the obvious answers are SSL for encryption, some sort of firewall to
protect the web server from the internet, and the inside from the web
server, possibly including some firewalling for the DB server. Write your
CGI scripts very carefully so people can't feed you arbitrary SQL
commands. You've got a wide range of authentication options available,
including OTP.
Ryan
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
