Hi all,

I'm in the process of designing a corporate website based on Zope, with a significant amount of content being corporate database driven. The corporate database system runs on Oracle.

My main concern is taking the necessary security precautions to minimise the risk of unauthorised access to the corporate database. I'd like to describe here the approach I'm planning, and get some feedback on whether it is reasonable or not, and perhaps some pointers based on what other security-conscious corporate websites do.

As a bit of background, the data we are dealing with relates to the world of corporate stock market investment, and so our database contains lots of information of a private and confidential nature. While we are not up there with banking institutions in terms of the level of security required, having the information altered or even simply accessed by unauthorised persons is not a pretty thought.

Diagrammatically, the plan is the following. Each box represents a physically separate server machine or network appliance.

                INTERNET
                   |
                  (a)
                   |
    -------------------------------
   | Router/Packet Filter Firewall |
    -------------------------------
                   |
                  (b)
                   |
 --------------------------------------
| Front end Apache HTTP server (Linux) |
 --------------------------------------
                   |
                  (c)
                   |
        ------------------------
       | Packet Filter Firewall |
        ------------------------
                   |
                  (d)
                   |
   ---------------------------------
  | Zope Application Server (Linux) |
   ---------------------------------
                   |
                  (e)
                   |
   ---------------------------------
  | Internal Oracle Database Server |
   ---------------------------------

(a) Blocks everything except HTTP/HTTPS to front-end HTTP server.
(b) Internet accessible. HTTP/HTTPS ports only available. Proxy passes to internal Zope server through internal firewall.
(d) Use SQL Methods and DCOracle2 to access corporate database.
(e) Zope user severely restricted to particular read-only views of the database. Zope user will never have any write access whatsoever.
Web-driven database updates will be programmatically driven with manual intervention (i.e., no automatic update path to the corporate database from the web).

This plan seems basically sound to me, but I would like to bounce it off people who have already been through it all before, if possible.

One thing in particular we were wondering is if any significant security gain could be had by replacing the Oracle database in the above diagram with a replicated database on another machine, which in turn gets fed from the corporate database. Our feeling is that this is overkill.

Any thoughts, especially from experience, would be greatly appreciated!

Thanks,
Ing.
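
One way to set up and audit the restricted account described in (e), as an added example that is not part of the original post. It is Oracle SQL run as a DBA; the schema `corp`, table `companies` and its columns, view `web_company_summary` and account `zope_web` are all hypothetical names.

```sql
-- Added example. Every object name below is hypothetical.

-- 1. Publish only the rows and columns the website needs, through a view
--    that Oracle itself refuses to accept DML against.
CREATE OR REPLACE VIEW corp.web_company_summary AS
  SELECT company_id, company_name, sector
    FROM corp.companies
   WHERE is_public = 'Y'
  WITH READ ONLY;

-- 2. Dedicated account for the Zope database connection. It gets no roles
--    and a single system privilege: the right to log in.
--    Replace the placeholder password before use.
CREATE USER zope_web IDENTIFIED BY "REPLACE_WITH_GENERATED_SECRET";
GRANT CREATE SESSION TO zope_web;

-- 3. Object privileges: SELECT on the published view only.
--    Nothing is granted on the base table corp.companies.
GRANT SELECT ON corp.web_company_summary TO zope_web;

-- 4. Audit what the account can actually do.
--    System privileges held directly (review for anything beyond login):
SELECT privilege
  FROM dba_sys_privs
 WHERE grantee = 'ZOPE_WEB';

--    Roles, which can carry further privileges indirectly:
SELECT granted_role
  FROM dba_role_privs
 WHERE grantee = 'ZOPE_WEB';

--    Object privileges held directly (review for INSERT, UPDATE, DELETE,
--    EXECUTE, or SELECT on base tables):
SELECT owner, table_name, privilege
  FROM dba_tab_privs
 WHERE grantee = 'ZOPE_WEB';

-- 5. Every account also inherits whatever has been granted to PUBLIC,
--    so check the corporate schema for such grants as well.
SELECT owner, table_name, privilege
  FROM dba_tab_privs
 WHERE grantee = 'PUBLIC'
   AND owner   = 'CORP';
```

Re-running the step 4 and 5 queries after schema changes or upgrades shows whether the web account has picked up access it was never meant to have.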