Yes, this is much more secure than most people.

I would start with securing the cf/webserver. A correctly secured webserver
is very hard to hack into.

Here is an idea. If you restrict the SQL user account that CF is
connecting to your SQL server with to only have the right to run stored
procedures, then if the CF server box is compromised the hacker can only run
stored procedures.

This may not solve all of your "what ifs", but it will stop a hacker from
doing a Drop table...

Anyone have thoughts on if that is a good idea / bad idea?

Mark W. Breneman
-Macromedia Certified ColdFusion Developer
-Network / Web Server Administrator
  Vivid Media
  [EMAIL PROTECTED]
  www.vividmedia.com
  608.270.9770
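
The restriction suggested in this reply, sketched as an added example that is not code from the thread. It assumes Microsoft SQL Server; the database `AppDb`, login `cf_app`, table `dbo.Orders` and procedure `dbo.usp_GetOrdersForCustomer` are hypothetical names.

```sql
-- Added example. All object names and the password are placeholders.
USE AppDb;
GO
CREATE TABLE dbo.Orders (
    OrderId    INT IDENTITY PRIMARY KEY,
    CustomerId INT      NOT NULL,
    OrderDate  DATETIME NOT NULL,
    Total      MONEY    NOT NULL
);
GO
-- Account the CF datasource connects with. It gets no database role
-- memberships and no table permissions.
CREATE LOGIN cf_app WITH PASSWORD = '<placeholder-strong-password>';
CREATE USER cf_app FOR LOGIN cf_app;
GO
-- Static, parameterized SQL only. The procedure and the table share an owner
-- (dbo), so ownership chaining lets the procedure read dbo.Orders even though
-- the caller has no SELECT permission on the table.
CREATE PROCEDURE dbo.usp_GetOrdersForCustomer
    @CustomerId INT
AS
BEGIN
    SET NOCOUNT ON;
    SELECT OrderId, OrderDate, Total
    FROM dbo.Orders
    WHERE CustomerId = @CustomerId;
END;
GO
-- The only grant the application account receives.
GRANT EXECUTE ON OBJECT::dbo.usp_GetOrdersForCustomer TO cf_app;
GO
-- Check the effective permissions while impersonating the application user.
EXECUTE AS USER = 'cf_app';
SELECT
    HAS_PERMS_BY_NAME('dbo.usp_GetOrdersForCustomer', 'OBJECT', 'EXECUTE') AS can_execute_proc,
    HAS_PERMS_BY_NAME('dbo.Orders', 'OBJECT', 'SELECT') AS can_select_table,
    HAS_PERMS_BY_NAME('dbo.Orders', 'OBJECT', 'DELETE') AS can_delete_rows,
    HAS_PERMS_BY_NAME('dbo.Orders', 'OBJECT', 'ALTER')  AS can_alter_or_drop_table;
REVERT;
GO
-- Caveats: dynamic SQL (EXEC / sp_executesql) inside a procedure runs with the
-- caller's own permissions, so it either fails under this account or tempts
-- someone to grant table rights back. A compromised CF box can also still call
-- every procedure it has EXECUTE on, so destructive procedures stay reachable.
```

The permission check is the part worth keeping in a deployment script: it shows whether the account has picked up table rights through a role or a later grant.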

-----Original Message-----
From: Phoeun Pha [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 18, 2002 3:18 PM
To: CF-Talk
Subject: RE: 3 Tier Security


How about a Class 2 force field around the servers....

heh...

The way u have it set up now is waaaay more secure than most people have it.

-----Original Message-----
From: Michael Ross [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 18, 2002 2:30 PM
To: CF-Talk
Subject: 3 Tier Security


I am hoping someone can help me out with this.  Maybe I just can't see how
it would work......but anyways we have apps that are going to be accessible
outside our firewall.  We currently have a set-up like this.

Webserver is in dmz with the ports http/https accessible to the outside
world.  CF code is kept on this server.  Database is completely inside the
firewall.  The firewall is configured to only allow communication from the
webserver IP to the SQL IP over a sql port.  There are voices around here
that want to see a 3rd layer or an app server in between.  I can't visualize
how this would work?  I think I may just need someone to help me visualize
it.  Anyways taking into consideration that the webserver software is all
patched up and tightened down, the code has been analyzed to ensure that
there are no holes, will adding the extra layer really do any good?

Thanks

Mike


