We have our webserver outside of our firewall in some kind of DMZ. Our employee database is inside the firewall (it's a Win2k server and we're using Active Directory). Now what I want to do is write a script on the webserver that does a bunch of stuff to one of the web databases after it figures out that a user is valid employee. I (and the PHB's) want to do this without punching a hole in the firewall.
Yeah sounds impossible I know. We have an Intranet server which is inside the firewall. It can easily access the employee database.
What I was thinking was to have the users go to the Intranet server, be validated, fill out the info on the form, then submit the form. The form would actually be submitted to the webserver.
Problem with this is how do I make sure what is submitted is actually from the Intranet server. I thought about checking the referrer, but I've written some scripts that send fake referrers. So far I'm thinking the best thing is to have the form send some kind of token. Or maybe I could force everyone to have an IP address in the 10.xx.xx.xx range (that isn't spoofable is it?? What if I want them to be able to do this from home and not on our network?)
From the comment Re: Referer check within domain problem it sounds like a completely different solution is needed. Yet there is no alternative offered.
The project is still at the idea stage, so almost anything can be changed. The only requirements are:
- We have to have a script manipulate a database on the webserver.
- It must only allow valid users to use it.
- We want to avoid having to maintain a database of users on the webserver.
- Allowing the webserver to access something on the other side of the firewall just isn't going to happen.
Any help would be appreciated. Thanks.
Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
Read Where should I post X? if you're not absolutely sure you're posting in the right place.
Please read these before you post! —
Posts may use any of the Perl Monks Approved HTML tags:
- a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
| |
For: |
|
Use: |
| & | | & |
| < | | < |
| > | | > |
| [ | | [ |
| ] | | ] |
Link using PerlMonks shortcuts! What shortcuts can I use for linking?
See Writeup Formatting Tips and other pages linked from there for more info.