Can anyone offer a secure solution to the following problem:
I have an ASP.NET application that uploads files via the browser from the user's machine and copies
them to a secure location accessible by the web server. I then have a
VB executable that should process these files into the database. Now my system
has a 3 tiered architecture with web server running ASP.NET application, application
server running web services and Enterprise Services and finally a database server
accesed only via Enterprise Services. Each of the tiers is separated by a firewall.
Now my problem is where to locate my uploaded files and VB executable such that I do
not create a security loop hole whereby the executable can process files uploaded to
the web server or a location acessible by the web server straight into the database
bypassing the aplication server and all firewalls.
My logic tells me the executable should be on the application server but then how to get
the uploaded files to the application from web server for processing when only port 443 open?
I thought about creating a shared directory on a separate machine visible
from both web and application servers and protected by an ACL restricting
access to just the Windows account the ASP.NET application is
running under and the Windows account the execxutable is running
under as a scheduled task but thought this might be a security
risk effectievly opening up a means of accessing
both servers from one location and no firewall.
If anyone has any ideas about this I would really appreciate it.