This might not be the best place for this question, but it seems like a lot of knowledgeable people check out this forum. My question involves some security issues that are way over my head. Those of you who understand these concepts will be able to tell this by the way I try to explain it.
Basically, what I want to do is use PHP to connect to an Oracle database that happens to sit behind a firewall. So I guess a rule would have to be created on the firewall that gives the web server access to that database server. Now, a couple of people around the office have voiced concern about the potential security problems associated with this. This is the part that I don’t understand. They are suggesting that by doing this, you are giving someone an opportunity to “break out of PHP/Apache” and they would then be free to cause all kinds of trouble because they would be behind that firewall. Any comments, ideas, suggested reading, etc. would be greatly appreciated.
