Update Databases from Webserver
Dirk-Willem van Gulik
dirkx at webweaving.org
Mon Sep 6 23:50:13 PDT 2004
On Mon, 6 Sep 2004, FreeBSD Mail Lists wrote:
> I would like to see how other people are updating backend databases
> (postgresql on FreeBSD, internal network) from a webserver (apache,php
> on FreeBSD, dmz network) through a firewall. Pretty much what I am
> trying to learn is how to take private information (credit card numbers,
> etc.) and write it to a backend database without leaving any huge holes
> for hacking. Should this be done or am I barking up the wrong tree,
> should there be an intermediary step? I have been trying to find
> information books/web that gives a real nuts and bolts way of trying to
> do this stuff and am not having a lot of luck. Any pointers books or
> sites would be appreciated.
First thing to consider - do you -have- to store things like credit card
numbers ? Most clearing houses can be negotiated with on-line; during the
transaction and all you need to capture is an authorization ack. That
already makes things a lot safer.
Secondly - carefully consider what you need to have on your webserver; do
you really have to store a name/address there long term; or is a login and
some preferences enough ?
Thirdly consider making the flow a one way street: using things like a PGP
email with just the public key on the web server; i.e. shunt any private
information into an encrypted email - send it to your systems in-house;
and only have the decryption key behind the firewall; and thus only
keeping the bare essentials on your server.
More information about the freebsd-questions