Brad Shively wrote:
| Has anyone figured out how to comminicate through a CGI program through
| a firewall to internal application servers? I am trying to send
| information from our web server to our internal application servers,
| retrieve data from databases, and then return the information back to
| the internet user. Does anyone know how to do this through a firewall
| that is secure?
There are an awful lot of ways to do it. As things stand,
none of them are very good. It would be nice to have an extensible
proxy that could handle something like DCE RPC with authentication,
and read the IDL files to see what the "expected" messages are, and
stop everything else.
I use DCE as an example because of the possibility of building
something with IDL. Whatever is done, the ability to reliably
generate new proxy rules quickly will be very useful.
Any structured means of passing messages is better than doing
something like a socket connection & plug. Strong authentication, and
possibly confidentiality, are also very important for any message
coming in from an external web server. However, its probably a good
idea to expect the web server to be comprimised, and messages sent in
that you don't expect.
Even if the web server is not comprimised, a user with netcat,
or some other tool may well be able to HTTP POST data that could cause
a buffer overflow on your inside machines.
"It is seldom that liberty of any kind is lost all at once."