Scenario for security of web applications?
The customer is coding a page to allow real time access to an Oracle DB in a secured noc. the data is sensitive, and has to be secure, but must also be accessible thru the web.
I suggested that the Database server be located in an ultra-secure area. Then use a reliable NOC for co-location of the actual web server. (I suggested SecureBSD for the OS)
Then, using PHP create an SSL connection to the DB to get the required data.
The security features to gain access to this particular info may be hard to implement. For instance, the connections would be coming from all over the US over various providers (including Dialup) so IP block is out of the question.
Does this make sense?
Is it viable.. what have I missed??
MIke
