PEPPLER.ORG
Michael Peppler
Sybase Consulting
Menu
Home
Sybase on Linux
Install Guide for Sybase on Linux
General Sybase Resources
General Perl Resources
Freeware
Sybperl
Sybase::Simple
DBD::Sybase
BCP Tool
Bug Tracker
Mailing List Archive
Downloads Directory
FAQs
Sybase on Linux FAQ
Sybperl FAQ
Personal
Michael Peppler's resume

sybperl-l Archive

Up    Prev    Next    

From: Michael Peppler <mpeppler at MBAY dot NET>
Subject: Re: Net Security of SybPerl.
Date: Mar 3 1998 3:43PM

MichaelPountney@caspian.com wrote:
> 
> We are currently undergoing a project that will involve retrieving
> information from our internal Sybase database from the Internet.
> 
> Currently, the scripts are executed on the clean side, and the results
> sent across the firewall. We want to increase performance however, so
> it's planned to move the scripts onto the dirty side of the network to
> reduce load on the DB server.
> 
> We're unsure whether to use Sybperl or ODBC. What are the security
> implications of using Sybperl in such a manner? I've heard of ODBC
> proxies to restrict such connections, do similar proxies exist for
> Sybperl/OpenClient?

I don't know anything about any ODBC proxies, but here's what I
understand the situation is for a pur sybase solution:

The problem is that you have to open the firewall to let connections
to the SQL server through (ie access to port xxxx). Once you do that
you basically allow anyone who *knows* that theres a SQL server on 
the other side to connect to it with a little patience (ie just try
all the ports from 1000 upwards, fairly easy to do in a little perl
script).

The Sybase solution would be to have an openserver on the clean side
that only accepts connections from certain hosts and passes them
through to the server. This requires writing the openserver of course,
but that shouldn't be too hard as it's only a pass-through server.

At least that's my understanding of how things stand in this case - 
others may have other ideas.

Michael
-- 
Michael Peppler         -||-  Data Migrations Inc.
mpeppler@datamig.com    -||-  http://www.mbay.net/~mpeppler
Int. Sybase User Group  -||-  http://www.isug.com