Up Prev Next
From: Kiril Mitev <kiril at idea-globalmarket dot com>
Subject: RE: Net Security of SybPerl.
Date: Mar 3 1998 4:30PM
Or, invest/obtain "some" firewall-ish software to run on the server itself and
screen incoming coming connections based on IP....You could try ip-filter,
sorry dont have the URL handy, but their mailing list is
firstname.lastname@example.org , it's a Majordomo list like this one
From: Michael Peppler
Sent: 03 March 1998 15:43
Subject: Re: Net Security of SybPerl.
> We are currently undergoing a project that will involve retrieving
> information from our internal Sybase database from the Internet.
> Currently, the scripts are executed on the clean side, and the results
> sent across the firewall. We want to increase performance however, so
> it's planned to move the scripts onto the dirty side of the network to
> reduce load on the DB server.
> We're unsure whether to use Sybperl or ODBC. What are the security
> implications of using Sybperl in such a manner? I've heard of ODBC
> proxies to restrict such connections, do similar proxies exist for
I don't know anything about any ODBC proxies, but here's what I
understand the situation is for a pur sybase solution:
The problem is that you have to open the firewall to let connections
to the SQL server through (ie access to port xxxx). Once you do that
you basically allow anyone who *knows* that theres a SQL server on
the other side to connect to it with a little patience (ie just try
all the ports from 1000 upwards, fairly easy to do in a little perl
The Sybase solution would be to have an openserver on the clean side
that only accepts connections from certain hosts and passes them
through to the server. This requires writing the openserver of course,
but that shouldn't be too hard as it's only a pass-through server.
At least that's my understanding of how things stand in this case -
others may have other ideas.
Michael Peppler -||- Data Migrations Inc.
email@example.com -||- http://www.mbay.net/~mpeppler
Int. Sybase User Group -||- http://www.isug.com