Joe Kelly
Mon, 22 Oct 2007 08:38:01 -0700
Man! That's a lot of questions! Some of this was covered in Chris's link but I'll try and encapsulate...
> 1. Can you use the CF Standard edition with the three tiered architecture?

Not necessarily. In its simplest form you put webserver in front of the CF server and proxy the requests for .cfm to the next server. The officially supported form is called 'distributed mode' and is available with Enterprise Edition. I suspect you can rig standard edition to support distributed mode as well, but I never tried and I am not sure what the EULA has to say about that.
Jochem van Dieten

> 2. Joe, you stated (in the other thread) that a professional CF consultant
> recommended eliminating the middle tier, and putting the CF application
> server on the same box as the webserver. Well, that is what we are doing
> now, and they want to go to the three tiered architecture for security
> reasons (you know, put the linux webserver in the DMZ, and if some hacker
> gets in and blows it up, big deal, we put another in - at least the CF
> server is safe). That's their idea. I want to know if that is sound? Why
> would that consultant say to go with them on one box, if you sacrifice
> security (at least, in my client's eyes) to do it?

You should read the links in their entirety to form your own opinion, but since you asked... I tend to agree w/ Dave Watts below - tighten up your DMZ server, use a firewall, etc. and watch your code:

While this is very effective as a protection against vulnerabilities in your public web server and its OS, this doesn't do anything to protect against application server vulnerabilities such as SQL injection and XSS, which in my opinion are more common, and perhaps more serious.
Dave Watts, CTO, Fig Leaf Software

> 3. Joe, again in that other thread you've said that JRun should be avoided
> because it is old and has not had any patches in 2 years. You mean the
> software JRun, and not the jrun.exe that my current CF server runs on,
> correct?

This was actually Eric's statement. And the last updater for JRUN 4 (updater 6) did come out in 2005.

> 4. I still do not understand the J2EE application server. Is that the only
> way to deploy CF in a three-tiered load-balanced environment where the
> webserver and the application server are separate boxes? Can that not be
> done with CF installed as a service on Windows? If not, do we have to buy
> JRun (or WebSphere or WebLogic, or get JBoss for free) to run it? (Pardon my
> ignorance - I am willing to learn)

CF Enterprise comes with JRun, so you don't have to buy JRun. CF runs on top of JRun or whatever J2EE you want.

http://www.adobe.com/products/coldfusion/pdfs/cf8_systemsupportmatrix.pdf

Adrian Moreno wrote the following:

When you create an instance of CF on Windows, there's an option to create a Windows service for it as well. When you run multiple servers and multiple instances on each server, when an error occurs you need to know exactly which server & instance the user was on when it happened. Go to http://www.unitrinspecialty.com and Ctrl+A to select all the text on the page. We place that info in white text under the footer and pass it in hidden field values on the form that users get when an error happens.

Unless you're going to need Event Gateways (aren't they going to be in CF 8 Standard?) or multiple instances I don't see any reason to go to Enterprise. But if you do and you don't want to use JRun, CF 8 officially supports JBoss. There's no need to use Weblogic or some of those other high dollar J2EE application servers when JBoss is free.

> 5. Will my current structures that I store in the server and application
> and session scopes cease to work as I expect if we switch to the
> three-tiered architecture (and have everything configured correctly)? I know
> you don't know how I've coded things for my programs, but is there even a
> way to code these variables such that switching to the three-tiered
> environment will ruin those variables? Have they figured out all those
> inherent problems?

I'll let someone else answer this one!

Joe Kelly