Re: DMZ and critical data

Subject: Re: DMZ and critical data
Date: 9 Jul 2006 07:52:39 -0000
Hi Pedro,
   I believe a VPN is a more suitable solution for this problem; since the VPN 
seems to be a non-feasible solution to your problem, you should concentrate on 
the security holes of your web server. To be honest, this is very difficult to 
achieve: the web application should be very strong and you should be aware of 
remote code execution vulnerabilities on your web server.

From my point of view, the problem is not accessing the Database itself, the 
problem is that your web server has remarkable access to your Database.

Let's suppose your web server is highly secured. What I have done in my company 
is to set up my database on the DMZ network with no default gateway, but of 
course I did a very strict configuration on my firewall for the database.

Another solution can be NAT: you can put your database server on the intranet 
and do some NAT configuration along with port address translation to allow your 
web server to gain access to the database server.

I believe the NAT solution is more secure than the former method...

I'm sure other guys with more experience might have better solutions, so I'll 
follow this thread to learn more :-)

Very Kind Regards,
Mohammad-Ali 
