Hello all,
I've been working with a couple different contact management solutions, but my security paranoia prevents me from wanting to put any sensitive data in the cloud. While I'm not dealing with anything like credit transactions that have detailed security requirements, I am considering handling sensitive personal data that I wouldn't want unauthorized people to have access to.
I'm considering a model where there are two systems: one on a Firewalled LAN that contains the sensitive data, which can only be accessed by those on the lan. A second system would contain the non-sensitive (phone book) information subset of the secure system. I would like changes to the non-sensitive data to be synchronized by a connection initiated by the secure system, so as not to compromise the firewall.
I understand that master-slave replication could probably provide synchronization from the secure system to the public system, however this would seem to overwrite any changes made to the public database.
Now to my questions:
1) Does this security model make sense? Are there any downsides or inherent problems with this approach that I might be overlooking?
2) Is there an off-the-shelf or some example of how to implement this type of system?
3) If no, how would you go about implementing this? (language suggestions, synch algorithms, etc)
Assume a LAMPP configuration, with no persistent processes allowed (except for Apache & MySQL) on the public system.