Options for opening up an internal webpage to the internetLocked
We have as part of an application we’ve bought from a vendor a webpage that will allow clients to login from the Internet and download the reports we’ve created for them. Currently we send these reports via email. Ideally I would prefer we send an email to the clients to let them know the latest report is available from our webpage. Our one requirement is to keep our solution local and not serve up these reports to an outside our network vendor to allow access from our clients.
The webpage our vendor-app has made available requires a login and password and it lives on our primary server with a SQL database.
I don’t want to open this up to the World Wide Web so my thought is to protect our primary database by pushing data from our primary database to another server/database in our DMZ. I would allow access from our internal network to the server in the DMZ but not allow access from the DMZ to our internal network. But I’m wondering if this is good enough.
I’ve been looking at further protecting our data by using a clientless vpn solution such as openvpn-als (Adito). I have Adito up and running and have created a web forward and it works, but not without problems. The agent that gets installed on the fly from Adito will only work on Windows and I need to install a cert for this agent since I receive a certificate error on the agent (I have a cert on my Adito server already). I also don’t like the idea of having a client login through Adito and then have to login again on our internal webpage. Sure it’s more secure with two logins, but I can see clients getting bugged by having to keep two passwords.
I’ve heard of ssh via html. I’ve been googling a bit on this and I’m still trying to understand how this would work, or if it would work in my situation. Does a client need to install anything on their computer before they could connect through ssh-html? Or is this over-kill to even think of using this.
Another option I’m thinking of is to use my own solution to transfer these reports to clients. If I were to host my own sftp server webpage where each client could login with their own session and view/download reports. Or is this again over-kill and I should just let https handle the retreival of reports from this local server in our DMZ.
Okay…I realize I’m jumping all over the place here. Any direction/thoughts you think I should take would be welcomed.