Subject Re: [ib-support] Internet & Interbase
Author Dave Warnock
Pablo,

> Every client installation has a router ( an then a fixed IP ) and we have a
> firewall in the HQ . All gds entries
> are redirected to the IB Server and the authorized IP´s are filtered too.
> Is it a right way to do this?


H'mm does this mean it is impossible for a cracker to send gds commands
to your server? I am not a security expert, but I am concerned that you
have potential for crackers to execute arbitary commands on your
database this way, especially if you are not encryptiing all traffic as
then the passwords will be passed in the clear.


> If I´m a newbie with inet security , I´m in a worst situation for
> application servers . Where can I find documentation about it? . We will be
> working with Delphi objects ( in fact we have written our own RAD tool ,
> generating Cobol code - don´t ask me way ...- with a Delphi-like
> environment ) in the client applications , and Linux servers for the DB.


An application server simply means that you move some of the logic from
your client to a process running on a linux server inside your firewall.
So you would change the cobol client to connect to the application
server and pass the parameters for the query. The application server
would connect to the dbms server and then return the results to the client.

The connection should be quite easy. I would use XML-RPC (see
www.xml-rpc.org) as it is very simple.

The application server could be written in anything that will run on a
server inside your firewall. You could write it in delphi quite easily
if that is where you have skills. Or it could be written in Java,
Python, Perl, C etc

The advantage is that the application server can only call the stored
procedures on the dbms server. So even if crackers manage to connect to
the application server they cannot execute arbitary sql (such as a
"delete from MyImportantTable").

Regards

Dave