Re: DMZ design


comp.security.firewalls archive

From: Ansgar -59cobalt- Wiechers <usenet-2005@planetcobalt.net>
Date: Wed Nov 30 2005 - 20:23:36 CET

Leythos wrote:
> In article <3v5rhjF13va87U2@individual.net>, usenet-2005@planetcobalt.net says...
>> Leythos wrote:
>>> Wrong - If the database server in DMZ2 is compromised by a 0-Day
>>> exploit, and you've set up replication between the DMZ1 DB server, so
>>> that you have real-time information available, then the same 0-Day
>>> exploit will reach through and compromise that server too.
>>
>> No. Simply because replication and web application use different
>> mechanisms to access the server. Besides, I didn't say anything about
>> real-time replication.
>
> No, you didn't, but let's take an online ordering system, or a project
> management system or anything else that doesn't use a Static DB, and
> then you either punch a hole or set up replication, so you're back to
> having a security issue that you have to deal with one way or another.

As I said: even if I use (live-)replication, I'm not likely to be
vulnerable to the same exploit. And even if I were: my exposure would be
*at most* as high as it were in your scenario.

cu
59cobalt

-- 
"Another option [for defragmentation] is to back up your important files,
erase the hard disk, then reinstall Mac OS X and your backed up files."
--http://docs.info.apple.com/article.html?artnum=25668
Received on Sat Dec 3 04:18:56 2005