Subject Re: [firebird-support] Firbird Vulnerability To Exploits - Port 3050
Author Alexandre Benson Smith
Steve Wiser wrote:
> Is this a webapp (I assume so since you mention a webmaster)? If so why
> don't you restrict the firebird port so only your web application can
> talk to the database server instead of having 3050 sitting wide open on
> the internet?
>
> It won't solve all of the problems, but it eliminates a few.
>
> We have our database servers firewalled away from our web application
> servers (which are firewalled away from the internet).
>
> -steve
>

Besides that, use some kind of tuneling software (zebedee, stunnel, ssh,
etc.) and don't open port 3050 direct.

Restrict the access to the tunneling port just to the "trusted" hosts

Use private keys in your tunnel software to accept connections.

see you !

--
Alexandre Benson Smith
Development
THOR Software e Comercial Ltda
Santo Andre - Sao Paulo - Brazil
www.thorsoftware.com.br