--- In firebird-support@yahoogroups.com, "dbambo2000" <gcampbel@p...>
wrote:

>
> If I understand it correctly, port 3050 must be open in order to
> connect to a firebird database from across the internet. My
> application is written in coldfusion (CF) and internet users will
> access CF pages which will be generated after queries to the

firebird

> database. If all of these queries are happening on the server

itself,

> is it still necessary to make certain that port 3050 is open to the
> internet?
>

Of course not, the server will just have to have access to itself on
port 3050. That would somewhat risky to allow any internet client to
start trying database connections.

> I know that if this port weren't open, then I also wouldn't be able

to

> access the database from across the internet, but I could still

access

> it via Remote Desktop couldn't I?
>

Providing you remote desktop into the other side of the firewall
sure. I would recommend you don't connect across the internet unless
you have specifically designed your application to be gentle on data
transfers.

> This may be a rather silly question, but I'm not above asking silly
> questions (if it leads to deeper understanding). If things could

work

> in this fashion, then wouldn't it also make the database somewhat

more

> secure?
>

Normally you would have a firewall that forwards port 80 to the web
server. That is the only port that needs to be exposed publicly (for
http obviously, you may need others for mail, ftp, proxy and https
etc).

Behind the firewall is your webserver and in your case it is the same
as the database server (I think, correct me if I am wrong). Anything
on the secure side of the firewall has no problems accessing the
ports the firewall is protecting.

Adam