But my database has an integrated web server, and I want to use that. Can't I just poke a hole in the firewall and tunnel that port?

Firewall Testing

About VESARiA

5.12 But my database has an integrated web server, and I want to use that. Can't I just poke a hole in the firewall and tunnel that port?

If your site firewall policy is sufficiently lax that you're willing to manage the risk that someone will exploit a vulnerability in your web server that will result in partial or complete exposure of your database, then there isn't much preventing you from doing this.

However, in many organizations, the people who are responsible for tying the web front end to the database back end simply do not have the authority to take that responsibility. Further, if the information in the database is about people, you might find yourself guilty of breaking a number of laws if you haven't taken reasonable precautions to prevent the system from being abused.

In general, this isn't a good idea. See question 5.11 for some ideas on other ways to accomplish this objective.

Vesaria

3640 Fords Lane, Suite D
Baltimore, MD 21215
443 - 501 - 4044

Firewall FAQ
Table of Contents

Previous Section: How do I make my web server act as a front-end for a database that lives on my private network?

Next Section: How Do I Make IP Multicast Work With My Firewall?

Find out more about VESARiA Firewall Testing.