|
Yes, it is possible and I think the best way to securely authenticate Web applications to other resources, including SQL databases is to use Secure Shell (SSH). Secure Shell, sometimes known as Secure Socket Shell, is a Unix-based command interface and protocol that provides strong authentication and secure communication over unsecured channels. The encrypted session is supported by public-key cryptography to protect the session key used by the symmetric encryption algorithm. SSH uses RSA public key cryptography for both connection and authentication and supports Blowfish, DES, IDEA, and other symmetric encryption algorithms.
As long as the connection between the application and the database uses TCP, you can use the SSH channel to authenticate to each other and increase security against different kinds of attacks. To use SSH for a variety of services you should use port redirection.
To enable a Web application to authenticate to your database you will need to put an SSH client on the Web server and an SSH server on the database server. SSH can then encrypt passwords and network traffic between your Web and database servers, thus preventing eavesdropping, IP spoofing, IP source routing, DNS spoofing and other network-level attacks.
You can receive free, open source implementations at http://www.openssh.com or commercial versions including Windows versions at http://www.ssh.com. There are two versions of SSH, SSH Secure Shell Version 1 and Secure Shell Version 2. SSH1 is not as secure as SSH2 and is gradually being withdrawn from use. SSH2 is actually a complete rewrite of the protocol, and it does not use the same networking implementation as SSH1, so make sure you use SSH2. A good SSH "how-to" can be found at http://p25ext.lanl.gov/ssh/ssh-howto.html.
Related Information
Find out the differences between SSH1 and SSH2 and why you should upgrade
Get the latest news, tips and expert advice on database security in our resource center
|
