NetTalk Central

« previous next »
Pages: [1]

Author Topic: General question about security  (Read 5368 times)

Mike Grigsby

  • Sr. Member
  • ****
  • Posts: 380
    • Yahoo Instant Messenger - onthedotsoftware
    • View Profile
    • MyHomeAssets! Software (among others)
General question about security
« on: September 14, 2009, 04:09:59 PM »
Normally we deploy the web app on a machine outside of the firewall. I have a client who needs an interface to a database inside the firewall. My thinking is I can set up the web server and share a folder off the root of the drive and move data to it, but don't let the web server share anything else inside the firewall.

1. Does that sound safe.
2. Would using the replicate product be a better option?

As luck would have it, the system they need to interface with is built with Clarion and TPS files. Thanks for any thoughts you might have on this issue.
Logged
Mike Grigsby
Credify Systems
Central Oregon, USA

Bruce

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 11297
    • View Profile
Re: General question about security
« Reply #1 on: September 16, 2009, 05:22:37 AM »
Hi Mike,

the web server can run on the Lan reasonably safely.
Obviously the machine the exe is on needs acess to the TPS files, but the
TPS files should not be in the web folder.

Indeed the nettalk server can only "serve" whole files that are in the web folder so files outside that are safe.

You're only gonna open one port on the firewall, and then specifically to that 1 machine. And so any "attcker" will only be able to send packets to the web server. it can't make the web server do anything it's not been programmed (intentionally or unintentionally) to do.

Logged

Bruce

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 11297
    • View Profile
Re: General question about security
« Reply #2 on: September 16, 2009, 05:23:49 AM »
Let me put this another way.

We're running a web server on our Lan which is accessible from outside the firewall. So we're walking the walk here, not just talking the talk <g>.

Cheers
Bruce
Logged

ccordes

  • Sr. Member
  • ****
  • Posts: 384
    • View Profile
    • Email
Re: General question about security
« Reply #3 on: September 16, 2009, 05:56:25 AM »
Mike,

I have always put the server behind the firewall and open the single port through to the web.
If you are using s9omething outside, perhaps the IP driver for tps files would be the way to go. It uses a single port and can be poked through the firewall safely. I don't know what the bandwidth issues might be, but I'm guessing that the traffic resides on the IP server side and won't get passed through the router.

JAT

chris
Logged
Real programmers use copy con newapp.exe

Mike Grigsby

  • Sr. Member
  • ****
  • Posts: 380
    • Yahoo Instant Messenger - onthedotsoftware
    • View Profile
    • MyHomeAssets! Software (among others)
Re: General question about security
« Reply #4 on: September 16, 2009, 08:09:51 AM »
Initially we started by having the software installed on a client computer inside the firewall and using the router to point to it via a single IP and Port, as Bruce suggests. Then, because we were a bit concerned about security, we started selling our system on Netbooks, preloaded, but installed inside the firewall, but not connected to the network (shared) in any other way, other than the router connection. So it sounds like we should still be okay. We've always used the web directory as sort of the DMZ for the apps.
Logged
Mike Grigsby
Credify Systems
Central Oregon, USA
Pages: [1]
« previous next »