[nycphp-talk] Secure (XML-RPC) connection
Faber Fedor
faber at linuxnj.com
Wed Mar 24 13:51:22 EST 2004
On Wed, Mar 24, 2004 at 01:13:03PM -0500, Daniel Convissor wrote:
> On Wed, Mar 24, 2004 at 11:34:57AM -0500, Faber Fedor wrote:
> > On Wed, Mar 24, 2004 at 11:25:28AM -0500, Chris Bielanski wrote:
> > >
> > > > 443, 80, it doesn't matter which port is open. What matters
> > > > is *A* port is open.
> > >
> > > True, but then likely so is 53 for DNS, 3306 for MySQL, and probably a few
> > > others, despite your precautions.
> >
> > Not on my networks. :-) The webserver is outside the firewall and has
> > all those ports open. Everything else is behind the firewall and
> > *NOTHING* is open on that firewall.
>
> If nothing is open, why is it connected to an exterior network at all?

Nothing is open from the outside. All traffic is initiated from the
inside. Like this:

Internal network -------firewall------ Big Bad Internet
                     |             |
Production Server----|             |------web server

> And if nothing is open, how do you expect the web server to communicate
> with the database server? It's like inviting a friend over for lunch but
> not opening the door for them when they arrive.

At the moment, it can't. I want to open up a teeny-tiny hole on the
firewall to let the web server in, but I'm very paranoid about people
breaking in, hence my original question.

If I forward Firewall:80 to ProdnServer:80, that will let the web server
in and everyone else on the Big Bad Internet. I can use SSH/SSL to
encrypt the data from the Web Server to the Production Server but I need
to minimize/remove all capabilities for the Big Bad Internet to get to
ProdnServer:80.

--
Regards,
Faber
Linux New Jersey: Open Source Solutions for New Jersey
http://www.linuxnj.com