We're planning to deploy an internal application with a ton of sensitive data and we're becoming very worried security wise. I suggested to keep it on our internal network but I was vetoed. Inside of the app, we programmed it to only respect requests if they come from an internal IP address...