Re: secure LAMP architecture (MySQL in particular)

["Ali, Saqib" <docbook.xml () gmail com>]

On 8/20/07, List Subscriptions <lists.canuck.eh () gmail com> wrote:
> What are the best practices for a LAMP architecture?

If I understand your question correctly, your webserver is in the in
the DMZ, which is accessing the DB that is residing in a main
firewalled intranet. This scenario is certianly possible, but will be
vulnerable. If your webserver gets comprised, your DB is open as well.

I would recommend instead of placing the web server in DMZ, place a
reverse HTTP proxy in the DMZ, that talks to the HTTP server that
resides inside your main firewall. This way if your reverse proxy
server gets compromised, there will much much less chances of the
webserver/DB being compromised.

saqib
http://security-basics.blogspot.com/