I've been asked to populate a flash file with some data from a database. I said, "Great, I will write some PHP that talks to the database and outputs xml. The swf can call that file."

My boss then told me that that solution wouldn't make the cut with IS, and I would have to find a more secure way of doing it. Ugh!

My proposed solution is to create some business logic that lives outside our corporate firewall. The actionscript will make a request to that file, which will send a secure request to a middle tier, which will reside behind the firewall. The middle tier will handle the request by connecting to the database and returning the appropriate data back through the firewall over the same secure connection. The business logic then outputs xml and everybody is happy.

I have diagrammed what I'm trying to do to make it very clear: http://twitpic.com/2kj0tk

Here are my questions:

  1. Does this solution comply with industry best practice?
  2. Will it work?
  3. What code do I need to write in each tier to establish a secure connection and transfer data over that firewall? I thought maybe I could use cURL, but I don't know if this would work through the firewall. Would anybody mind relating how they would solve this, with code samples if possible?
  4. It may work out that I end up having to write the solution in .NET. How would that change my approach?
  5. What, if any, other information do you need from me to help solve this problem?

Thanks guys!

A: 

Depending on the type of data you're securing and how security conscious your IT dept is, the "real" solution would be to put your database servers behind their own firewalls (yes, inside your corporate network). Your middle tier would talk to the database using standard protocols through this firewall.

Your middle tier runs behind your "main" firewall (there can be varying levels here, but at its simplest this is the firewall that is between your network and the internet).

Your web servers sit in a DMZ off this "front" firewall so that all traffic to/from them (including from the internet) must go through this front firewall.

At this point you can use standard techniques to communicate from your webserver to your middle tier. Then your middle tier uses standard techniques to communicate with the database. I would agree it's not a great idea to let your web servers talk directly to the database.

My question to my boss would be "why is the original solution a bad idea?". Do they want data encrypted across the internal network? Or is it just the webservers -> DB Server connection that is bothersome (which I agree with)?

Zippit
I'll have to talk to IS and figure out exactly how our system is architected and get back to you. Thanks for the reply.
Adam
So I've looked into this a bit more with the IS department. As was your hunch, they don't want to allow connections between the web server and the DB server. What we are going to do is install some business logic on a middle tier machine and have that talk to the DB as opposed to doing it straight from the web server.
Adam
Sounds like a good plan. I've seen that design used in a lot of systems over the years.
Zippit
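
The layout described in the answer can be written down as firewall allow-rules and checked mechanically. The following is an added example, not code from the question or the answer; the zone names, ports and rule format are assumptions made for illustration. It compares the original design (web server queries the database itself) with the tiered one and reports any zone other than the middle tier that can open a connection straight to the database.

```python
from collections import deque

# Constructed rule sets: (source zone, destination zone, destination port).
# Zone names and port numbers are assumptions made for this example.
ORIGINAL = [  # PHP on the web server queries the database itself
    ("internet", "web_dmz", 443),
    ("web_dmz", "database", 3306),
]
TIERED = [  # layout from the answer: each tier reaches only the next one
    ("internet", "web_dmz", 443),
    ("web_dmz", "middle_tier", 8443),
    ("middle_tier", "database", 3306),
]

def direct_sources(rules, target):
    """Zones allowed to open a connection straight to `target`."""
    return {src for src, dst, _port in rules if dst == target}

def hops(rules, start, target):
    """Fewest firewall-permitted connections from start to target, or None."""
    seen, queue = {start}, deque([(start, 0)])
    while queue:
        zone, dist = queue.popleft()
        if zone == target:
            return dist
        for src, dst, _port in rules:
            if src == zone and dst not in seen:
                seen.add(dst)
                queue.append((dst, dist + 1))
    return None

def audit(rules, exposed="web_dmz", protected="database", broker="middle_tier"):
    """Return findings against the tiered design; an empty list means compliant."""
    findings = []
    # Only the broker tier may talk to the protected zone directly.
    for zone in sorted(direct_sources(rules, protected) - {broker}):
        findings.append(f"{zone} may connect directly to {protected}")
    # The exposed tier must still reach the data through some permitted path.
    if hops(rules, exposed, protected) is None:
        findings.append(f"{exposed} has no path to {protected}")
    return findings

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("tiered", TIERED)):
        print(name, "hops internet->database:",
              hops(rules, "internet", "database"), "findings:", audit(rules))
```

In the tiered rule set the database is three permitted connections away from the internet instead of two, and each of those connections crosses a firewall that can restrict it to a single port.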