We're deploying a simple newsletter webapp on a stand-alone LAMP platform in the company DMZ. There is some discussion as to whether the MySQL server should be removed from the DMZ and put in the internal network.
The server is behind a firewall with only port 80 open and MySQL will be attached to a non-standard port. The database contains customer email addresses.
Is this a secure setup (or secure enough)? How much more secure would it be by placing the data behind a second firewall? (I'm more of a developer so I'm not really aware of all the security aspects here - can someone enlighten me!)
Update: Just for clarification and to attract more comments, here is our current setup:
internet - firewall1 - http server - firewall2 - appserver - firewall3 - enterprise resources
This new application was supposed to go completely within the DMZ between firewalls 1 and 2. We're currently discussing pulling the MySQL server in behind the 2nd firewall.