Security Basics mailing list archives
Re: secure LAMP architecture (MySQL in particular)
From: "Ali, Saqib" <docbook.xml () gmail com>
Date: Tue, 21 Aug 2007 09:05:43 -0700
On 8/20/07, List Subscriptions <lists.canuck.eh () gmail com> wrote:
What are the best practices for a LAMP architecture?
If I understand your question correctly, your webserver is in the in the DMZ, which is accessing the DB that is residing in a main firewalled intranet. This scenario is certianly possible, but will be vulnerable. If your webserver gets comprised, your DB is open as well. I would recommend instead of placing the web server in DMZ, place a reverse HTTP proxy in the DMZ, that talks to the HTTP server that resides inside your main firewall. This way if your reverse proxy server gets compromised, there will much much less chances of the webserver/DB being compromised. saqib http://security-basics.blogspot.com/
Current thread:
- secure LAMP architecture (MySQL in particular) List Subscriptions (Aug 21)
- Re: secure LAMP architecture (MySQL in particular) Ali, Saqib (Aug 21)