Thick Client Access to Internal Databases

ISO Position Paper

Position Title: Thick Client Access to Internal Databases

Position Audience: Princeton IT Professionals

Contact: Information Security Office: InfoSec@princeton.edu

Position Release Date: August 1, 2018


Problem Statement

With some legacy systems, thick client access was necessary for non-admin users to access
internal databases at the University. For most, if not all, this also required firewall rules to be
put in place causing overhead, complexity, and access security concerns.
Many of the necessities for thick client access have been eliminated and is the reason for this
position paper.

ISO Position

If there are options to provide access to internal databases without the use of a thick client,
those options should be used.
With each upgrade that OIT performs, if there are legacy thick client connections they should be
migrated to current standards of access, including web applications, terminal servers, or bastion
hosts, and associated firewall rules be identified and removed.

Additional Information

Any questions or requests for a security review for exemption can be addressed by the
Information Security Office.

Data classification: Public