Re: [fw-wiz] Sources for Extranet Designs?
From: Devdas Bhagat (devdas_at_dvb.homelinux.org)
To: email@example.com Date: Mon, 1 Mar 2004 01:54:12 +0530
On 23/02/04 17:02 -0500, Jim Seymour wrote:
> "Baumann, Sean C." <Sean.Baumann@celera.com> wrote:
> > Perhaps I need to investigate something that can perform the same
> > functions that our DMZ web servers perform. Perhaps something that can
> > act as a go-between or proxy, which we can be sufficiently locked-down.
> > Anybody know of anything that can do this,
> I'm going *way* out on a limb, here, as I'm only *very* vaguely aware
> of this technology, but isn't this kind of thing what Java Beans (and
> some of the other Java enterprise technologies) was designed for?
Its not just beans.
Essentially, you design a protocol for transferring the queries over as
data, validate that data and then feed it to an API which again checks
for malicious intent. (Hint: proxy).
> The philosophy is that in, say, an extranet situation, your customer
> never actually "touches" your db server, for example. Instead,
Actually, your user should never touch the database server directly, but
go through some application gateway which handles the protocl validation
stuff. A 3 tier application if you will.
application-->filtering proxy--->data store.
firewall-wizards mailing list