At 02:03 AM 22/02/2005 +0000, you wrote:

>If I understand it correctly, port 3050 must be open in order to
>connect to a firebird database from across the internet. My
>application is written in coldfusion (CF) and internet users will
>access CF pages which will be generated after queries to the firebird
>database. If all of these queries are happening on the server itself,
>is it still necessary to make certain that port 3050 is open to the
>internet?

No, not the Internet! But it must be open to the subnet. Configure the
firewall so that port 3050 will only accept connections from IP addresses
with a subnet mask of 255.255.255.0.

>I know that if this port weren't open, then I also wouldn't be able to
>access the database from across the internet, but I could still access
>it via Remote Desktop couldn't I?

The port has to be open to any clients that will connect to it. Just be
careful with the subnet mask, is all. Make sure any remote desktop clients
NICs and gateways are configured within the LAN mask, or they won't get
through your firewall.

Oh, and a local client on a terminal server, e.g. your ColdFusion app, must
connect to the server hostname (IP address), not localhost.

>This may be a rather silly question, but I'm not above asking silly
>questions (if it leads to deeper understanding). If things could work
>in this fashion, then wouldn't it also make the database somewhat more
>secure?

You don't open the Firebird service port to the web. Well, some do...and
get absolutely awful response time at Internet bandwidth (along with
security exposure - since, chances are, if they are too lazy to write an
n-tier app, they neither know nor care much about security...)

Rather than get a silly answer, would you like to elaborate a little about
what you had in mind by this question?

./heLen