Subject Re: Interbase safe on internet?
Author Mark O'Donohue
[sorry if it's not quite on topic, I posted this to
borland.public.ib.opensource 2 days ago, it hasn't appeared, persuming a
suff up and in case anyone was interested, (but it's not THAT
interesting) I've posted it here as well.]

Jorge Alvarez wrote:
> <snip>
> Bill Todd wrote:
>>You can buy a hardware firewall for $100. I think they all use NAT
>>which I have read is very secure.
> Bill,
> Somewhat off-topic but I'm very interested: where can I find
> about this inexpensive hardware firewalls?

A solution we've found useful is a cheap (< $100 recycled pc ) and one
of the simple fw purpose built linux distributions.

(NAT - network address translation is a way of having several pc's or
internal network hiding behind a single ip address, good for sharing an
adsl or dialup line, it's a convenience component of many firewalls
(including both above) and it helps a bit by hiding the internal network
- but it's primarily not really a security feature).

The ipcop one is quite nice with web interface and intrusion detection
program (snort), the coyote one is good for quick small install (a
question and answer session builds you a boot floppy disk - yep it fits
on a floppy).

There are also others, these are just the ones we've used - and found

And on exposure of ib ports to the internet, basically don't do it -
it's best to be careful.

So restrict access to the ib/fb database to an applicaton server (it
could possibly be on the same box). In that application server hardcode
all the sql stmts to restrict the types of queries that the 'internet'
users can make, and if you include user entered fields in the sql stmts,
have a sensible limit check on the size of the sql stmt before you send
it to the db server. The only allow the users to talk to the application


Your database needs YOU!