That was my thought: if they get in, an extra layer will only delay them, not stop them. 
 The thing is, this is extremely private data that, if it were to get out, would cause 
the hospital a great deal of problems, if you get my drift!  Right now the 1st project 
is still in test and using Win/IIS but I'd like to get it to redhat/apache.  I am a 
strong believer that we should be more worried about tightening the code and webserver 
than worrying about adding that extra layer.  Also we have made the datasource account 
read-only access.  I think your concept is something we should gear towards as more 
and more applications are added into the mix.  

I was thinking about making the calls as a webservice?  I will have to look into how 
security plays into that.

Thanks again.


>>> [EMAIL PROTECTED] 09/18/02 09:14PM >>>
I think that the 3 Tier issue is really one of performance, not security.
If you can compromise the 1st tier, you can compromise the second, and then
the third.  Anywhere there is a hole in the firewall there is an opportunity
to break in.  Tiers just add layers and make it more complicated.  However,
on the performance side application servers can help with the load.  It is
easy to conceive of an application where for example, I would want 2 web
servers (tier 1), 5 application servers and 1 database server.  This lets me
scale my app servers separately from my web servers which can make a
difference in licensing cost.

Justin

> -----Original Message-----
> From: Michael Ross [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, September 18, 2002 3:30 PM
> To: CF-Talk
> Subject: 3 Tier Security
> 
> I am hoping someone can help me out with this.  Maybe I just 
> can't see how it would work......but anyways we have apps 
> that are going to be accessible outside our firewall.  We 
> currently have a set-up like this.
> 
> Webserver is in dmz with the ports http/https accessible to 
> the outside world.  CF code is kept on this server.  Database 
> is completely inside the firewall.  The firewall is 
> configured to only allow communication from the webserver IP 
> to the SQL IP over a sql port.  There are voices around here 
> that want to see a 3rd layer or an app server in between.  I 
> can't visualize how this would work?  I think I may just need 
> someone to help me visualize it.  Anyways taking into 
> consideration that the webserver software is all patched up 
> and tightened down, the code has been analyzed to ensure that 
> there are no holes, will adding the extra layer really do any good?
> 
> Thanks
> 
> Mike
> 
> 
