One option that we currently use is to create a static route ftp transfer from the dirty side to the clean side. The firewall permits only outbound ftp traffic from that address to a specific address. The receiving machine allows only write, no read access to the ftp sub-directory. A daemon process does a database update based on the file sent in via ftp.
You could use the same scheme for queries, though it's a bit slow and cumbersome. However, if the result set of your query is large this is probably a pretty good idea.
I am looking for solutions or ideas on how to securely update a Web
server that is located on the outside of a firewall from a host or
workstation on the inside. Also, what security methods exist for passing
queries from the external Web server through the firewall to an SQL
server on the inside?