Subject | RE: [firebird-support] Encrypting network traffic to multiple servers |
---|---|
Author | Nigel Weeks |
Post date | 2006-04-20T22:52:37Z |
>Is using SSH too much of a hassle? I know someone suggested it, but I didn't see any pros/cons with your setup?
> The problem is that we want the data to be encrypted across all networks, so a gateway with even a single cross-over cable connecting it to the database server network is not acceptable. We are looking into using OpenVPN on each of the database servers now.
The way I'd do it is as follows:
On each DB server (assuming it's a unix/linux box):
Lock down port 3050 (in firewalling) so it isn't listening on the ethernet interface - only localhost.
Make sure SSHD is listening on the ethernet interface, ready for connections.
On each webserver (Can be Windows/Linux/BSD/OSX):
Launch an SSH connection to the DB server, forwarding port 3050 to the remote machine:
`ssh user@dbserver -L3050:localhost:3050 -C -cblowfish`
(Blowfish is the fastest cipher you can get for SSH. Also, no '-g' is supplied - we don't want others using the tunnel)
Configure your web server application to connect to its end of the tunnel:
(Assuming you don't already have firebird listening on this port)
`$conn = ibase_connect("localhost:/path/to/database.fdb","sysdba","masterkey");`
Done. Easy. Secure, compressed links across any network, and it didn't cost
you a thing.
N.
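A check for the two listening requirements in the post above (port 3050 reachable only on localhost on the DB server, and the web server's tunnel started without `-g`), as an added example that is not part of the original post. It assumes Linux with `ss` from iproute2; the function name `listener_status` and the sample listings are constructed for illustration. It inspects bind addresses only, so a server that binds every interface and relies on a firewall rule is still reported as exposed.

```shell
#!/bin/sh
# Added example, not from the original post.
# listener_status PORT: read `ss -ltn` output on stdin and report how PORT
# is bound. Prints and returns:
#   loopback-only     (0)  every listener on PORT is 127.x or ::1
#   exposed <addrs>   (1)  at least one listener is on another address
#   not-listening     (2)  nothing listens on PORT (e.g. tunnel is down)
listener_status() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            p = $4;    sub(/^.*:/, "", p)         # after last colon: port
            host = $4; sub(/:[^:]*$/, "", host)   # before it: bind address
            if (p != port) next
            if (host ~ /^127\./ || host == "[::1]" || host ~ /^\[::ffff:127\./) {
                loop++
            } else {
                exposed = exposed " " host
            }
        }
        END {
            if (exposed != "") { print "exposed" exposed; exit 1 }
            if (loop > 0)      { print "loopback-only"; exit 0 }
            print "not-listening"; exit 2
        }'
}

# Constructed sample: DB server with 3050 on localhost only, sshd on all.
DB_OK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128        127.0.0.1:3050      0.0.0.0:*
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*'

# Constructed sample: web server whose tunnel was started with -g.
WEB_G='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:3050      0.0.0.0:*
LISTEN 0      128             [::]:3050         [::]:*'

printf '%s\n' "$DB_OK" | listener_status 3050 || :
printf '%s\n' "$WEB_G" | listener_status 3050 || :
# On a live host: ss -ltn | listener_status 3050
```

Run it on both ends: the DB server and the web server should each report `loopback-only` for 3050 while the tunnel is up.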