[Zope] Secure Database Access
Ing Soc
ingsocdoubleungood@yahoo.com
Mon, 29 Apr 2002 16:28:49 -0700 (PDT)
Hi all,

I'm in the process of designing a corporate website based on Zope, with a significant amount of content being corporate database driven. The corporate database system runs on Oracle.

My main concern is taking the necessary security precautions to minimise the risk of unauthorised access to the corporate database. I'd like to describe here the approach I'm planning, and get some feedback on whether it is reasonable or not, and perhaps some pointers based on what other security-conscious corporate websites do.

As a bit of background, the data we are dealing with relates to the world of corporate stock market investment, and so our database contains lots of information of a private and confidential nature. While we are not up there with banking institutions in terms of the level of security required, having the information altered or even simply accessed by unauthorised persons is not a pretty thought.

Diagrammatically, the plan is the following. Each box represents a physically separate server machine or network appliance.
INTERNET
|
(a) |
-------------------------------
| Router/Packet Filter Firewall |
-------------------------------
|
(b) |
--------------------------------------
| Front end Apache HTTP server (Linux) |
--------------------------------------
|
(c) |
------------------------
| Packet Filter Firewall |
------------------------
|
(d) |
---------------------------------
| Zope Application Server (Linux) |
---------------------------------
|
(e) |
---------------------------------
| Internal Oracle Database Server |
---------------------------------
(a) Blocks everything except HTTP/HTTPS to front-end HTTP server.

(b) Internet accessible. HTTP/HTTPS ports only available. Proxy passes to internal Zope server through internal firewall.

(d) Use SQL Methods and DCOracle2 to access corporate database.

(e) Zope user severely restricted to particular read-only views of the database. Zope user will never have any write access whatsoever. Web-driven database updates will be programmatically driven with manual intervention (i.e., no automatic update path to the corporate database from the web).
This plan seems basically sound to me, but I would like to bounce it off people who have already been through it all before, if possible.

One thing in particular we were wondering is if any significant security gain could be had by replacing the Oracle database in the above diagram with a replicated database on another machine, which in turn gets fed from the corporate database. Our feeling is that this is overkill.

Any thoughts, especially from experience, would be greatly appreciated!
Thanks,
Ing.
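As an added illustration of point (e) in the post above (not code from the original message or from the Zope project), here is one way to set up the restricted read-only Oracle account that Zope/DCOracle2 would connect as. The schema name CORP, the tables HOLDINGS and CLIENTS, the view names, the tablespace USERS and the profile limits are all assumed for illustration; the password is a placeholder.

```sql
-- Added example: a least-privilege read-only Oracle account for the Zope tier.
-- Schema CORP, its tables and the view names are constructed for illustration.

-- 1. A dedicated account that can only log in. No CONNECT/RESOURCE roles and
--    a zero quota, so a compromised Zope server cannot create or fill objects.
CREATE USER zope_ro IDENTIFIED BY "CHANGE-ME-placeholder"
  DEFAULT TABLESPACE users
  QUOTA 0 ON users;
GRANT CREATE SESSION TO zope_ro;

-- 2. No direct table access: everything the web tier may see goes through
--    views owned by the data schema, which filter both rows and columns.
CREATE OR REPLACE VIEW corp.web_holdings_v AS
  SELECT h.client_id, h.ticker, h.quantity
    FROM corp.holdings h
   WHERE h.publishable = 'Y';          -- row filter: only rows cleared for the web

CREATE OR REPLACE VIEW corp.web_clients_v AS
  SELECT c.client_id, c.display_name      -- column filter: no addresses, no account numbers
    FROM corp.clients c;

-- 3. SELECT only, on the views only, without GRANT OPTION. Update paths stay
--    out of the web tier entirely, as the post requires.
GRANT SELECT ON corp.web_holdings_v TO zope_ro;
GRANT SELECT ON corp.web_clients_v  TO zope_ro;

-- 4. Optional: a profile bounding concurrent sessions, idle time and failed
--    logins, so a leaked connection string is worth as little as possible.
--    (Resource limits are enforced only when RESOURCE_LIMIT = TRUE.)
CREATE PROFILE web_ro_profile LIMIT
  SESSIONS_PER_USER 20
  IDLE_TIME 30
  FAILED_LOGIN_ATTEMPTS 5;
ALTER USER zope_ro PROFILE web_ro_profile;

-- Verification, run as zope_ro: the first statement returns rows; the second
-- fails with ORA-00942 (table or view does not exist) because the base table
-- is invisible to this account; the third fails with ORA-01031 (insufficient
-- privileges) because the account holds no UPDATE privilege on anything.
SELECT * FROM corp.web_holdings_v WHERE ROWNUM <= 5;
SELECT * FROM corp.holdings WHERE ROWNUM <= 1;
UPDATE corp.web_holdings_v SET quantity = 0;
```

The same grants model applies whether Zope talks to the production Oracle server or to a replicated copy, so replication by itself does not change what the web tier can read or write; it only limits the blast radius if the Zope host is fully compromised.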