Just off the top of my head, some kind of database abstraction level might be what they are thinking. Currently you send SQL straight to the webserver, which, if the web server is compromised, would let a hacker send arbitrary SQL statements to the SQL server. With an API in the middle using COM, a JavaBean, a web service, or something similar that passes the data back to your app, you could isolate the web server from the SQL server.
I think theoretically this could be more secure than allowing CF and the web server unfettered access to the database...

--
jon

Wednesday, September 18, 2002, 3:30:04 PM, you wrote:

MR> I am hoping someone can help me out with this. Maybe I just can't see how it would work... but anyways, we have apps that are going to be accessible outside our firewall. We currently have a set-up like this.
MR>
MR> Webserver is in DMZ with the ports http/https accessible to the outside world. CF code is kept on this server. Database is completely inside the firewall. The firewall is configured to only allow communication from the webserver IP to the SQL IP over a SQL port. There are voices around here that want to see a 3rd layer or an app server in between. I can't visualize how this would work. I think I may just need someone to help me visualize it. Anyways, taking into consideration that the webserver software is all patched up and tightened down, and the code has been analyzed to ensure that there are no holes, will adding the extra layer really do any good?
MR>
MR> Thanks
MR> Mike
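
The middle layer discussed in this thread, sketched as an added example (not code from either poster): the app tier is the only component holding a database connection, and it exposes a fixed allowlist of operations bound to parameterized SQL, so a caller cannot submit arbitrary statements. The class `AppTier`, the operation names and the SQLite schema are hypothetical; in a real deployment the `call` boundary would be a network hop, with the firewall allowing only web server to app server and app server to database.

```python
import sqlite3

def make_db():
    """Constructed sample schema and rows, for illustration only."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE orders (id INTEGER PRIMARY KEY, customer_id INTEGER, item TEXT);
        CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password_hash TEXT);
        INSERT INTO orders VALUES (1, 7, 'widget'), (2, 7, 'gadget'), (3, 9, 'gizmo');
        INSERT INTO users VALUES (7, 'alice', 'constructed-hash');
    """)
    return db

def is_id(v):
    # type() check rather than isinstance() so that bool is rejected
    return type(v) is int and 0 < v < 2**31

def is_item(v):
    return type(v) is str and 0 < len(v) <= 64

class AppTier:
    """Hypothetical middle tier: only this object ever touches the database."""

    # Allowlist: operation name -> (fixed parameterized SQL, one validator per argument)
    OPERATIONS = {
        "orders_for_customer": (
            "SELECT id, item FROM orders WHERE customer_id = ? ORDER BY id",
            (is_id,),
        ),
        "add_order": (
            "INSERT INTO orders (customer_id, item) VALUES (?, ?)",
            (is_id, is_item),
        ),
    }

    def __init__(self, db):
        self._db = db

    def call(self, operation, *args):
        # Anything not on the allowlist is refused, including raw SQL text.
        if operation not in self.OPERATIONS:
            raise PermissionError(f"operation not exposed: {operation!r}")
        sql, validators = self.OPERATIONS[operation]
        if len(args) != len(validators) or not all(ok(a) for ok, a in zip(validators, args)):
            raise ValueError(f"bad arguments for {operation!r}")
        with self._db:  # commit on success, roll back on error
            return self._db.execute(sql, args).fetchall()
```

The `users` table is reachable from the database account but from no exposed operation, which is the isolation the extra layer buys; a middle tier that simply forwards SQL strings from the web server would provide none of it.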

