[DAS] Opening Ports and security Issues?

Titus Brown titus@caltech.edu
Thu, 3 Jan 2002 11:04:52 -0800


-> With the security set up here and the DAS Viewers I have to get the IT
-> department to open ports every time I have to connect to a new DAS provider.
-> I have been told that this is a major security issue.
-> 
-> 
-> Any thoughts on this or any solutions ?
-> I would be grateful for any comments

Hi,

do you mean that they have to open ports going out, like 8000, because
very few DAS servers run on the default HTTP port, port 80?

It's hard to imagine this being a real security concern, but some organizations
are more paranoid than others ;).

One solution is to get someone with good bandwidth to provide proxying
(e.g. via Apache's mod_proxy module) to the DAS servers for you, so that
http://human.das.org/ --> http://das.ensembl.org:8025/ (or whatever)
invisibly.  This is pretty easy for me to set up, but is a poor solution.

Alternatively, it's easy enough with Apache to set up virtual hosts for
the various DAS servers to do this themselves, which is probably the
most correct solution.

Finally, if you have ssh access to external hosts where this is NOT
a security concern, you could port forward local ports through your
own firewall.  This is pretty ugly but is do-able.

cheers,
--titus