Firewall Wizards mailing list archives

More on web to db access


From: "Rick Horne" <rick_horne () hotmail com>
Date: Thu, 18 Jun 1998 13:57:20 PDT

Thanks for the responses.  I need to add some details
that I left out of my original post.
The DB server is MS SQL on NT.  We want access to live data.
The information in the DB is important and we don't 
want it revealed to the wrong person.
We don't have CGI wizards available. (Most anyone
can write a CGI script, but I don't know of any 
*experts* at my company).

I'd like to run a possible setup past you.
Formerly, we had this: 
Inet->Router->WWWServer->Gauntlet_FW->Inside
We are putting in a Pix in place of the router:
Inet->Pix->WWWServer->Gauntlet_FW->Inside
I propose the following (just for web-DB traffic):
Inet->Pix->MSProxy(reverse proxy)->Inside->Web & DB server.
The web server (NT, IIS) won't be trusted by any other computer on
the network.
I don't see where the risk is if you only allow port 80 to the
MSProxy server, where it proxies http for the web server.  Does 
anyone know what kind of attack could get past those two layers?
The only vulnerability I can see will be via the URL, as in 
trying to cause an overflow on the server.
Any insight you have to this config would be appreciated.
Thanks,
    Rick

