Solved

General question on j2ee and dmz

Posted on 2002-06-06
5
378 Views
Last Modified: 2013-11-24
I've been developing a j2ee project.  The final outcome is an ear file that is deployed by weblogic.  Today our network guys are saying that this is a security hole.  They are placing weblogic in the dmz so there could be potential database security issues with the cmp getting data from the db.  They are telling me that i have to break it up so that the html, jsp, images, etc can be in the dmz but the jar file can be behind the firewall.

I have a problem with this whole issue but the main one is that from weblogics site, they use an architecture that has weblogic begind the firewall using an ear file.
And when i propose this to them they cant seem to give me a straight answer.


Do these guys know something that IBM, Sun, BEA, Oralce, Sybase, etc doesnt regarding the use of ear files and security issues.

Thanks
0
Comment
Question by:borg48
  • 3
  • 2
5 Comments
 
LVL 7

Expert Comment

by:yoren
Comment Utility
Most experts (including BEA's site) recommend putting the web/application server in the DMZ; this provides some protection against security holes in the Weblogic or Java software. See http://e-docs.bea.com/wls/docs70/cluster/planning.html#1067007 .

For the database placement you have two options. The most secure option is to create a web-only database in the DMZ, so that you don't need a hole in your inner firewall for application <--> database traffic. The other option is to place the database behind the inner firewall and open a hole for database traffic.
0
 

Author Comment

by:borg48
Comment Utility
So does that mean breaking up the ejb's from the presentation layer?
0
 

Author Comment

by:borg48
Comment Utility
What about keeping the whole ear file (war and jar) behind the DMZ ( behind a firewall ) and just open up traffic for the port being used which is 80.  This is like
Figure 6-1 Recommended Basic Architecture from the link you gave me.
0
 
LVL 7

Accepted Solution

by:
yoren earned 60 total points
Comment Utility
The Basic Architecture doesn't apply, because your network has a DMZ. The Basic Architecture is (in my opinion) for networks with only one firewall.

However, I see no reason to break up the presentation layer from your EJBs. I'd recommend putting the whole ear and Weblogic server in your DMZ.
0
 

Author Comment

by:borg48
Comment Utility
What kind of security issues are there when the ejb tries to access the database.  Of course we have to open up the port that the database is listening right?

Thanks for the infor you have given me
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
IT Company 5 68
changePi Challenge 15 75
Setting strict transport security header in header not working 1 45
@SBGen Method 3 25
Are you developing a Java application and want to create Excel Spreadsheets? You have come to the right place, this article will describe how you can create Excel Spreadsheets from a Java Application. For the purposes of this article, I will be u…
Basic understanding on "OO- Object Orientation" is needed for designing a logical solution to solve a problem. Basic OOAD is a prerequisite for a coder to ensure that they follow the basic design of OO. This would help developers to understand the b…
Viewers learn about the “for” loop and how it works in Java. By comparing it to the while loop learned before, viewers can make the transition easily. You will learn about the formatting of the for loop as we write a program that prints even numbers…
Viewers learn about the scanner class in this video and are introduced to receiving user input for their programs. Additionally, objects, conditional statements, and loops are used to help reinforce the concepts. Introduce Scanner class: Importing…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now