[3957] in WWW Security List Archive
Re: www, database and security
daemon@ATHENA.MIT.EDU (Andre Jenie)
Sun Jan 12 12:41:41 1997
From: "Andre Jenie" <ajenie@pop03.ca.us.ibm.net>
To: www-security@ns2.rutgers.edu
Date: Sun, 12 Jan 1997 21:33:20 +0000
Errors-To: owner-www-security@ns2.rutgers.edu
Hi,
Maybe I can comment a little:
> 1) Which methods exist to connect a database to the web?
> (Up to now I know about Sybase CGI interface and
> Sybase NSAPI interface - which else do exist?)
I know about DB2WWW, one RDBMS from IBM. They are now concentrating
in providing the best solution for expanding the legacy database
connection (which mostly resides in DB2, IMS) to Internet/Intranet.
You can find it in www.software.ibm.com
Or you can try also IIS from Microsoft. They have API that you can
use to connect your web server to any database through ODBC. You can
even use VisualBasic-like language to build your CGI using VBScript.
> 2) Which security problems can arise with these methods?
Basically, the database server will treat you as a one instance
connection from one client. So, any Internet connection will use the
userid/password that has been given to the Internet Server (maybe
somebody can add other security issues ??). Bottom line is we'll use
the security scheme that comes from the database system.
Hope this will help.
Thank You and Have a Nice Day,
Andre Jenie
Security Analyst
Jakarta, Indonesia
Thank You and Have a Nice Day,
Andre Jenie
Security Analyst
Jakarta, Indonesia
