Michael Peppler
Sybase Consulting
Sybase on Linux
Install Guide for Sybase on Linux
General Sybase Resources
General Perl Resources
BCP Tool
Bug Tracker
Mailing List Archive
Downloads Directory
Sybase on Linux FAQ
Sybperl FAQ
Michael Peppler's resume

sybperl-l Archive

Up    Prev    Next    

From: Kiril Mitev <kiril at idea-globalmarket dot com>
Subject: RE: Net Security of SybPerl.
Date: Mar 3 1998 4:30PM

Or, invest/obtain "some" firewall-ish software to run on the server itself and 
screen incoming coming connections based on IP....You could try ip-filter,
sorry dont have the URL handy, but their mailing list is , it's a Majordomo list like this one


From: 	Michael Peppler
Sent: 	03 March 1998 15:43
Subject: 	Re: Net Security of SybPerl. wrote:
> We are currently undergoing a project that will involve retrieving
> information from our internal Sybase database from the Internet.
> Currently, the scripts are executed on the clean side, and the results
> sent across the firewall. We want to increase performance however, so
> it's planned to move the scripts onto the dirty side of the network to
> reduce load on the DB server.
> We're unsure whether to use Sybperl or ODBC. What are the security
> implications of using Sybperl in such a manner? I've heard of ODBC
> proxies to restrict such connections, do similar proxies exist for
> Sybperl/OpenClient?

I don't know anything about any ODBC proxies, but here's what I
understand the situation is for a pur sybase solution:

The problem is that you have to open the firewall to let connections
to the SQL server through (ie access to port xxxx). Once you do that
you basically allow anyone who *knows* that theres a SQL server on 
the other side to connect to it with a little patience (ie just try
all the ports from 1000 upwards, fairly easy to do in a little perl

The Sybase solution would be to have an openserver on the clean side
that only accepts connections from certain hosts and passes them
through to the server. This requires writing the openserver of course,
but that shouldn't be too hard as it's only a pass-through server.

At least that's my understanding of how things stand in this case - 
others may have other ideas.

Michael Peppler         -||-  Data Migrations Inc.    -||-
Int. Sybase User Group  -||-