Re: [fw-wiz] Sources for Extranet Designs?

From: Devdas Bhagat (devdas_at_dvb.homelinux.org)
Date: 02/29/04

    To: firewall-wizards@honor.icsalabs.com
    Date: Mon, 1 Mar 2004 01:54:12 +0530
    
    

    On 23/02/04 17:02 -0500, Jim Seymour wrote:
    > "Baumann, Sean C." <Sean.Baumann@celera.com> wrote:
    > >
    > [snip]
    > >
    > > Perhaps I need to investigate something that can perform the same
    > > functions that our DMZ web servers perform. Perhaps something that can
    > > act as a go-between or proxy, which we can be sufficiently locked-down.
    > > Anybody know of anything that can do this,
    > [snip]
    >
    > I'm going *way* out on a limb, here, as I'm only *very* vaguely aware
    > of this technology, but isn't this kind of thing what Java Beans (and
    > some of the other Java enterprise technologies) was designed for?
    It's not just beans.
    Essentially, you design a protocol for transferring the queries over as
    data, validate that data and then feed it to an API which again checks
    for malicious intent. (Hint: proxy).

    > The philosophy is that in, say, an extranet situation, your customer
    > never actually "touches" your db server, for example. Instead,
    Actually, your user should never touch the database server directly, but
    go through some application gateway which handles the protocol validation
    stuff. A 3 tier application if you will.

    application-->filtering proxy--->data store.

    Devdas Bhagat
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
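
The "application-->filtering proxy--->data store" layout from the message above, as an added sketch that is not part of the original post: the proxy accepts requests only as data, validates them against an allowlist, and passes them to a data-store API that binds values as parameters. The JSON wire format, the order_status operation, the table layout and all function names are assumptions made for illustration.

```python
import json
import re
import sqlite3

# Assumed wire format (not from the post): {"op": <name>, "args": {...}}.
# Clients name an operation; they never send SQL.
OPERATIONS = {
    "order_status": {
        "sql": "SELECT status FROM orders WHERE customer_id = ? AND order_id = ?",
        "args": {"order_id": re.compile(r"[0-9]{1,9}")},
    },
}
MAX_REQUEST_BYTES = 512

class Rejected(Exception):
    """The request failed protocol validation at the proxy."""

def validate(raw):
    """First check: parse the request as data and match it to the allowlist."""
    if len(raw) > MAX_REQUEST_BYTES:
        raise Rejected("request too large")
    try:
        msg = json.loads(raw.decode("utf-8"))
    except ValueError:  # covers both bad UTF-8 and bad JSON
        raise Rejected("not UTF-8 JSON")
    if not isinstance(msg, dict) or set(msg) != {"op", "args"}:
        raise Rejected("unexpected message shape")
    op, args = msg["op"], msg["args"]
    spec = OPERATIONS.get(op) if isinstance(op, str) else None
    if spec is None:
        raise Rejected("unknown operation")
    if not isinstance(args, dict) or set(args) != set(spec["args"]):
        raise Rejected("unexpected arguments")
    for name, pattern in spec["args"].items():
        if not isinstance(args[name], str) or not pattern.fullmatch(args[name]):
            raise Rejected("bad value for " + name)
    return op, args

def handle(db, customer_id, raw):
    """Second check: the data-store API binds values as parameters.
    customer_id comes from the authenticated session, never from the request."""
    op, args = validate(raw)
    params = (customer_id, int(args["order_id"]))
    row = db.execute(OPERATIONS[op]["sql"], params).fetchone()
    return {"status": row[0] if row else None}

def make_demo_db():
    """Constructed sample data standing in for the real data store."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (customer_id INTEGER, order_id INTEGER, status TEXT)")
    db.execute("INSERT INTO orders VALUES (7, 1001, 'shipped')")
    return db
```

Because the customer id is taken from the session rather than the message, a well-formed request for another customer's order returns nothing instead of reaching that row.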

