Security – Should databases containing customer information go in a DMZ


We're deploying a simple newsletter webapp on a stand-alone LAMP platform in the company DMZ. There is some discussion as to whether the MySQL server should be removed from the DMZ and put in the internal network.

The server is behind a firewall with only port 80 open and MySQL will be attached to a non-standard port. The database contains customer email addresses.

Is this a secure setup (or secure enough)? How much more secure would it be by placing the data behind a second firewall? (I'm more of a developer so I'm not really aware of all the security aspects here – can someone enlighten me!)

Update
Just for clarification and to attract more comment, here is our current setup:

internet – firewall1 – http server – firewall2 – appserver – firewall3 – enterprise resources

This new application was supposed to go completely within the DMZ between firewalls 1 and 2. We're currently discussing pulling the MySQL server in behind the 2nd firewall.

Best Answer

To allow connections from the DMZ to the internal LAN is breaking with the concept of a DMZ.

Binding MySQL to localhost is going to be no less secure than placing MySQL elsewhere. If data theft is your concern, you should assume that were the two machines split apart and the Apache portion was compromised, then MySQL connection details stored on the compromised machine could simply be re-utilised by an attacker to read the data out anyway.

Edit to add:

Even with a double-hop DMZ as you describe, you're not purchasing yourself any real security benefit from separating the services, whilst at the same time making the setup more complicated. You're possibly even increasing the attack surface by having more machines and sending data over the wire that would otherwise be on loopback.
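Whether MySQL is actually bound to localhost, as the answer suggests, can be checked from the server configuration. The following is an added example, not part of the original answer: it classifies where mysqld would accept TCP connections given the text of a my.cnf. The sample configs and function names are constructed for illustration, and `!include` directives are not followed.

```python
import ipaddress

# Constructed sample configs (not from the original post).
LOOPBACK_CNF = """\
[client]
port = 3307
[mysqld]
port = 3307          # non-standard port, as in the question
bind-address = 127.0.0.1
"""
EXPOSED_CNF = """\
[mysqld]
port = 3307
# no bind-address: mysqld accepts TCP connections on every interface
"""

def mysqld_options(cnf_text):
    """Return the [mysqld] options as a dict; the last occurrence of a key wins."""
    opts, section = {}, None
    for raw in cnf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(("!", ";")):
            continue  # blank, comment, or !include directive (not followed here)
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "mysqld":
            key, _, value = line.partition("=")
            # MySQL treats '-' and '_' in option names as equivalent.
            opts[key.strip().lower().replace("_", "-")] = value.strip().strip("'\"")
    return opts

def tcp_exposure(cnf_text):
    """Classify where mysqld accepts TCP connections: 'none', 'loopback' or 'network'."""
    opts = mysqld_options(cnf_text)
    if opts.get("skip-networking", "off").lower() in ("", "1", "on", "true"):
        return "none"  # Unix socket only; no TCP listener at all
    addr = opts.get("bind-address", "*")  # unset means all interfaces
    if addr.lower() == "localhost":
        return "loopback"
    try:
        return "loopback" if ipaddress.ip_address(addr).is_loopback else "network"
    except ValueError:
        return "network"  # '*', other hostnames, address lists: treat as reachable

if __name__ == "__main__":
    for name, cnf in (("loopback", LOOPBACK_CNF), ("exposed", EXPOSED_CNF)):
        print(name, "->", tcp_exposure(cnf))
```

The `port` value is deliberately ignored: a non-standard port does not change which interfaces the listener is reachable on.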
