Some folks will say it's no more secure than having it all on one box...but I believe it *does* offer you the opportunity to at least *implement* additional security if need be...although simply separating the two and having them in the same network segment is not going to do much for you. In our case the communication between the web and app server is limited to the generated response cf produces (via firewall) limiting the risk to the app server.
That's not the sole reason we've done it that way...all of our web servers are clustered together (rather than clustering the combined app/web scenario) which from what I'm told offers our operations folks more flexibility. Stace -----Original Message----- From: Tony Weeg [mailto:[EMAIL PROTECTED] Sent: Thursday, August 07, 2003 4:31 PM To: CF-Talk Subject: RE: Separating IIS from CF ok, he bows his head in ignorance... im dumb, but why would you want to? tony weeg uncertified advanced cold fusion developer tony at navtrak dot net www.navtrak.net office 410.548.2337 fax 410.860.2337 -----Original Message----- From: Stacy Young [mailto:[EMAIL PROTECTED] Sent: Thursday, August 07, 2003 4:02 PM To: CF-Talk Subject: RE: Separating IIS from CF Sure you can...the jrun connector navigates to the cfmx server via IP address and port number. Stace -----Original Message----- From: Tony Weeg [mailto:[EMAIL PROTECTED] Sent: Thursday, August 07, 2003 3:29 PM To: CF-Talk Subject: RE: Separating IIS from CF of the people who use iis and cf, I bet its 100% are on the same machine...i don't even think you can have it on two different machines? can you? I know you can use the built in server that comes with cf, but that would be on port 8500 right? tony weeg uncertified advanced cold fusion developer tony at navtrak dot net www.navtrak.net office 410.548.2337 fax 410.860.2337 -----Original Message----- From: Tony Weeg [mailto:[EMAIL PROTECTED] Sent: Thursday, August 07, 2003 3:23 PM To: CF-Talk Subject: RE: Separating IIS from CF we had a security audit one time tell us to take our webservers offline so that hackers couldn't see them. my point is... there is no clear reasoning as to why a security company would tell you to take your cf server and put that on a different machine than your iis machine...it just doesn't make sense....not in the least bit. how many developers/web shops on this list, have iis and cf on the same machine? I bet 100% of us. tony weeg uncertified advanced cold fusion developer tony at navtrak dot net www.navtrak.net office 410.548.2337 fax 410.860.2337 -----Original Message----- From: Venable, John [mailto:[EMAIL PROTECTED] Sent: Thursday, August 07, 2003 11:10 AM To: CF-Talk Subject: Separating IIS from CF We just had a security audit and one of the recommendations was to separate Cold Fusion and IIS onto two separate systems. I hadn't heard of doing this, and am really wary of doing this since we are using Commonspot and I have no idea what ramifications would result. Their reasoning for this was pretty vague, so can anyone give me reasons why we should and shouldn't do this? The motivation in this particular case being improved security. Thanks John --- John Venable Director of Web Architecture Epilepsy Foundation ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. http://www.cfhosting.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
