[Zope] Secure Database Access

Toby Dickenson tdickenson@geminidataloggers.com
Tue, 30 Apr 2002 10:15:46 +0100


On Mon, 29 Apr 2002 16:28:49 -0700 (PDT), Ing Soc
<ingsocdoubleungood@yahoo.com> wrote:

>               INTERNET
>                  |
>     (a)          |
>     -------------------------------
>    | Router/Packet Filter Firewall |
>     -------------------------------
>                  |
>  (b)             |
>  --------------------------------------
> | Front end Apache HTTP server (Linux) |
>  --------------------------------------
>                  |
>        (c)       |
>        ------------------------
>       | Packet Filter Firewall |
>        ------------------------
>                  |
>   (d)            |
>   ---------------------------------
>  | Zope Application Server (Linux) |
>   ---------------------------------
>                  |
>    (e)           |
>    ---------------------------------
>   | Internal Oracle Database Server |
>    ---------------------------------

This scenario transfers unencrypted zope passwords over your internal
network. Is this a problem? If yes you might be better with a topology
like:

internet
|
packet filter
|
apache
|
zope
|
packet filter
|
oracle

That loses the packet filter between apache and zope, but I'm not sure
what benefit that was giving you. Suppose Apache is compromised....
what damage could it do to zope that a packet filter would prevent?

This all assumes you are not using zeo. If you are, then it is a good
idea to put zope and zeo behind a packet filter:

internet
|
packet filter
|
apache
|
packet filter -------- zope ---- zeo
|
oracle

This is exactly the topology that I am using now.


Toby Dickenson
tdickenson@geminidataloggers.com