> My question has to do with the theories behind separating
> the web server from the database server. As I write up
> this proposal, should I recommend a separate server for
> each? What is the rationale? I presume it has to do with
> the relatively poor security of a web server vs the much
> improved security of a database server? (note: WIN2K
> Server/SQL Server)

Yes, you should recommend separate servers for each. There are many reasons for this, as others have mentioned. Security is a big one; not so much because a database server is inherently more secure than a web server (each is only as secure as you make it), but rather because you needn't expose the database server to external access at all - it only needs to be accessible from the web server, as well as any legitimate users within the firewall. Performance is another big issue, especially on Windows; most significant services require a dedicated Windows machine. Finally, stability is an issue; like it or not, web servers tend to be less stable than database servers, and you want to avoid stability problems on your database server - it might be a little more susceptible to problems if it's unstable than a web server would be.

> Does protocol dictate the creation of a user account
> specifically for the CF server to establish a secure
> connection to the DB Server?

This is more a matter of how database servers work than the fact that you want to run them on separate machines. Typically, database servers require logins, while file-based databases like Access often do not. A single SQL Server may contain many individual databases, and each may have its own logins. So, you might not end up with a single SQL login specifically for your database, but might end up with one per datasource instead. As for the security of the connection between the web server and the database, that's more a matter of encrypting the connection than one concerning specific logins - every login will require authentication regardless of whether you encrypt the connection.

> Will the separation prohibit me from using things like
> FileExists?

You won't be able to use it to test for the existence of files on the database server. However, you won't need to, typically. Keep in mind that SQL Server databases are quite a bit different from Access databases - when you use SQL Server, you don't deal with files directly at all.

> Will I need Administrative rights on BOTH machines?

Only if you'll be completely responsible for both machines. If you have a DBA, she'll be able to create databases and logins for you, and allot the necessary rights to you for specific SQL logins. In that case, you may have no actual OS rights to the database server at all!

> You see, management is concerned that if I leave the company
> they will be left high and dry with a "non-standard" ColdFusion
> environment. My argument is that CF is so intuitive that finding
> a person capable of maintaining a CF application will probably
> be easier than a comparable ASP or PHP approach. Am I off base?

No, I think that's a pretty safe bet. However, one of the nice things about client-server systems like CF & SQL Server is that, even if down the road they decide they'd like to port the whole thing to ASP.NET or whatever, they can do that without changing their database structure. If you spend the time to encapsulate your database logic in stored procedures, building multiple interfaces is even easier. So, that gives you two angles to play - you can argue that CF is easier, but that you're not backed into a corner if you change your mind later. Admittedly, you might have a decent amount of business logic wrapped up in your CF code, so it might not be a trivial thing to do, but it'll certainly be possible.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
phone: 202-797-5496
fax: 202-797-5444
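
An added example, not part of the original post: a small audit that checks the separation described in the reply above, namely that the database server's port is reachable only from the web server and from hosts inside the firewall. The rule format, the addresses and the function name `exposed_db_rules` are assumptions made for illustration; 1433 is SQL Server's default TCP port. Rule ordering is ignored, so every allow rule is treated as effective.

```python
import ipaddress

# Constructed sample rule set (not from the original post).
# 192.0.2.10 plays the web server, 10.0.5.20 the database server.
RULES = [
    {"id": 1, "action": "allow", "src": "0.0.0.0/0",     "dst": "192.0.2.10", "port": 443},
    {"id": 2, "action": "allow", "src": "192.0.2.10/32", "dst": "10.0.5.20",  "port": 1433},
    {"id": 3, "action": "allow", "src": "10.0.0.0/16",   "dst": "10.0.5.20",  "port": 1433},
    {"id": 4, "action": "allow", "src": "0.0.0.0/0",     "dst": "10.0.5.20",  "port": 1433},
    {"id": 5, "action": "deny",  "src": "0.0.0.0/0",     "dst": "10.0.5.20",  "port": 3389},
]


def exposed_db_rules(rules, db_ip, db_port, allowed_sources):
    """Return ids of allow rules that open db_ip:db_port to any source
    not fully contained in one of the allowed_sources networks."""
    allowed = [ipaddress.ip_network(n) for n in allowed_sources]
    db = ipaddress.ip_address(db_ip)
    findings = []
    for rule in rules:
        # Only allow rules for the database port can expose the database.
        if rule["action"] != "allow" or rule["port"] != db_port:
            continue
        # Skip rules whose destination does not cover the database host.
        if db not in ipaddress.ip_network(rule["dst"], strict=False):
            continue
        src = ipaddress.ip_network(rule["src"], strict=False)
        # A source wider than every allowed network reaches beyond the
        # web server and the internal users, so it is reported.
        if not any(src.subnet_of(net) for net in allowed):
            findings.append(rule["id"])
    return findings


if __name__ == "__main__":
    # Web server plus the internal network are the only permitted sources.
    print(exposed_db_rules(RULES, "10.0.5.20", 1433,
                           ["192.0.2.10/32", "10.0.0.0/16"]))
```
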

