Safely exposing a service to the internet
I have a very tight OpenBSD pf firewall.
My ADSL modem also acts as a firewall.
I know how to enable port forwarding in both.
My always-on machine runs Sid.
I'd like to be able to point my WAP-based cell phone
at my home and get a bit of data. (The data will be
encrypted and then beamed over to my PocketPC where
it will be properly decrypted.)
How many hoops should I jump through for myself for
security? Naively I would just run apache and when
a properly encrypted request comes in, run a server
process to do whatever is needed, and then return the
data. Do I have to worry about buffer overflows in
Sid's apache? Should I make some kind of jail and
put something in a DMZ?