[nycphp-talk] Secure (XML-RPC) connection

Faber Fedor faber at linuxnj.com
Wed Mar 24 15:36:05 EST 2004


On Wed, Mar 24, 2004 at 02:52:18PM -0500, Mitch Pirtle wrote:
> No can do.  If one machine can get through, then anyone that can get to
> that machine can get through.  Whatever security/encryption schemes are
> implemented on the webserver are bypassed by compromising the webserver.
> And once gaining access to the production server, the whole shebang is
> now for the taking.

I know.  I'm trying to minimize that.

> One possible remedy is to push the data from the production server to 
> the webserver, which would protect your internal network at least. 
> Unfortunately, you will not be able to protect the data (should the 
> webserver become compromised); and your data will no longer be 'real 
> time' data.

That architecture is what I've been pushing since Day One. As for
placing orders and the like, the Prodn Server would periodically reach
out to the Web Server and grab the data. No holes in the firewall and
I'm happy.

> What is more important to your organization:  your data, your internal 
> network, or your website?  Let the suits make this call, and the rest 
> becomes academic.

The suits made their call; I'm trying to minimize the danger.

-- 
 
Regards,
 
Faber                     

Linux New Jersey: Open Source Solutions for New Jersey
http://www.linuxnj.com





