Database Web Application Topology

Posted on 2008-10-06
Last Modified: 2009-04-22
what is the best and most secure topology for a database driven web application? Is there a best practice?
Question by:0pt1mus
9 Comments
Accepted Solution by: ahoffmann (earned 63 total points)
1. web server, application server and database server are in DMZ
2. if you have one physical machine for each server, depends on your topology and the work you're willing to configure and maintain several servers
3. the database is read-only by the web/application server
4. you have a good concept of users and (access) roles for the database

hope this helps for starting ...
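Point 4 of the accepted solution (a concept of users and access roles) carried out in practice, as an added example that is not from the thread: a PostgreSQL least-privilege setup (the engine is an assumption, and the database, schema, role and table names are constructed for illustration) in which the DMZ web tier gets a read-only login, writes go through a separate role, and neither role can alter the schema.

```sql
-- Assumed: PostgreSQL. appdb, schema app, the roles and app.orders are constructed names.
-- Run as the role that owns the application tables, so the default privileges below apply.
CREATE SCHEMA IF NOT EXISTS app;

-- Privilege-carrying roles cannot log in; login roles inherit from them,
-- so rotating or replacing a login never touches the grants.
CREATE ROLE app_readonly  NOLOGIN;
CREATE ROLE app_readwrite NOLOGIN;

-- web_reader is the account handed to the DMZ web/application server (point 3 of the thread);
-- app_writer is used only from the internal network. 'replace-me' is a placeholder secret.
CREATE ROLE web_reader LOGIN PASSWORD 'replace-me' IN ROLE app_readonly;
CREATE ROLE app_writer LOGIN PASSWORD 'replace-me' IN ROLE app_readwrite;

-- Close the defaults: PUBLIC must not be able to connect, nor create objects in any schema.
REVOKE ALL ON DATABASE appdb FROM PUBLIC;
GRANT CONNECT ON DATABASE appdb TO app_readonly, app_readwrite;
REVOKE ALL ON SCHEMA public FROM PUBLIC;
REVOKE CREATE ON SCHEMA app FROM PUBLIC;

-- Read-only tier: USAGE on the schema plus SELECT, and nothing else, on current and future tables.
GRANT USAGE ON SCHEMA app TO app_readonly;
GRANT SELECT ON ALL TABLES IN SCHEMA app TO app_readonly;
ALTER DEFAULT PRIVILEGES IN SCHEMA app GRANT SELECT ON TABLES TO app_readonly;

-- Read/write tier: DML on data tables and sequences, but no DDL (no CREATE on the schema, no ownership).
GRANT USAGE ON SCHEMA app TO app_readwrite;
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA app TO app_readwrite;
GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA app TO app_readwrite;
ALTER DEFAULT PRIVILEGES IN SCHEMA app GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO app_readwrite;
ALTER DEFAULT PRIVILEGES IN SCHEMA app GRANT USAGE, SELECT ON SEQUENCES TO app_readwrite;

-- Bound what a compromised web tier can do with its one account: connection count and query time.
ALTER ROLE web_reader CONNECTION LIMIT 50;
ALTER ROLE web_reader SET statement_timeout = '5s';

-- Pair this with a pg_hba.conf line that only admits web_reader from the DMZ subnet (address assumed):
--   hostssl  appdb  web_reader  10.0.1.0/24  scram-sha-256

-- Verification: in a session opened as web_reader, the following must fail with "permission denied":
--   INSERT INTO app.orders DEFAULT VALUES;
```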
Assisted Solution by: Guy Hengel [angelIII / a3] (earned 63 total points)
>1. web server, application server and database server are in DMZ
web server: yes.
the application server and database servers: not necessarily. In regards to the db server, if it is there, it should "only" be a replication of the actual database

>3. the database is read-only by the web/application server
well, that would be non-sense for a read/write web application?!!!

Expert Comment by: ahoffmann
> .. db server, if it is there, it should "only" be a replication. ..
yes, that's what my "read-only" implies

> that would be non-sense for a read/write web application?
agreed, but the question only says:
> .. for a database driven web application?
this reads to me that the web content is driven by the database, not the database content by the web application. Need some clarifications here.

Anyway, even if the database is modified by the web app, it should be in the DMZ, otherwise you open the door to your network by insecure web apps, think of SQL injection, various kinds of code injection, ...
Expert Comment by: Guy Hengel [angelIII / a3]
sql/code injection is solved by secure web server/correct code, and not by the web/db server in the dmz or not.
Expert Comment by: ahoffmann
> .. solved by secure web server/correct code ..
:-)

The question was about "best practice", then isolating services is defence in depth (as I've never seen secure code, 95%++ web apps are vulnerable, somehow, today ...)
Expert Comment by: Guy Hengel [angelIII / a3]
>as I've never seen secure code, 95%++ web apps are vulnerable, somehow, today ...
that's right. however, I don't remember having seen a 100% read-only web application, until now, on the other side, so you HAVE to make the db read-write.