Solved

Database Web Application Topology

Posted on 2008-10-06
9
511 Views
Last Modified: 2009-04-22
what is the best and most secure topology for a database driven web application? Is there a best practice?
0
Comment
Question by:0pt1mus
  • 3
  • 3
9 Comments
 
LVL 51

Accepted Solution

by:
ahoffmann earned 63 total points
ID: 22664848
1. web server, application server and database server are in DMZ
2. if you have one physical machine for each server, depends on your topology and the work you're willing to configure and maintain several servers
3. the database is read-only by the web/application server
4. you have a good concept of users and (access) roles for the database

hope this helps for starting ...
0
 
LVL 143

Assisted Solution

by:Guy Hengel [angelIII / a3]
Guy Hengel [angelIII / a3] earned 63 total points
ID: 22666292
>1. web server, application server and database server are in DMZ
web server: yes.
the application server and database servers: not necessarily. in regards to the db server, if it is there, it should "only" be a replication. of the actual database

>3. the database is read-only by the web/application server
well, that would be non-sense for a read/write web application?!!!


0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 22666523
> .. db server, if it is there, it should "only" be a replication. ..
yes, that's what my "read-only" implies

> that would be non-sense for a read/write web application?
agreed, but the question only says:
> .. for a database driven web application?
this reads to me that the web content is driven by the databese, not the database content by the web application. Need some clarifications here.

Anyway, even if the database is modified by the web app, ist should be in the DMZ, otherwise you open the door to you network by insecure web apps, think of SQL injection, various kinds of code injection, ...
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 143

Expert Comment

by:Guy Hengel [angelIII / a3]
ID: 22666536
sql/code injection is solved by secure web server/correct code, and not by the web/db server in the dmz or not.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 22666569
> .. solved by secure web server/correct code ..
:-)

The question was about "best practice", then isolating services is defence in depth (as I've never seen secure code, 95%++ web apps are vulnerable, somehow, today ...)
0
 
LVL 143

Expert Comment

by:Guy Hengel [angelIII / a3]
ID: 22666834
>as I've never seen secure code, 95%++ web apps are vulnerable, somehow, today ...
that's right. however, I don't remember having seen a 100% read-only web application, until now, on the other side, so you HAVE to make the db read-write.
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Technology Resume 7 66
ebay messages api 6 16
MS SQL GROUP BY 6 71
Access table not showing correct column 6 17
FAQ pages provide a simple way for you to supply and for customers to find answers to the most common questions about your company. Here are six reasons why your company website should have a FAQ page
Does your audience prefer people in photos or no people? How can you best highlight what you’re selling? What are your competitors doing, and what can you do that is different and unique from them?  Continue reading to learn how to make your images …
Learn how to set-up PayPal payment integration in your Wufoo form. Allow your users to remit payment through PayPal upon completion of your online form. This is helpful for collecting membership payments, customer payments, donations, and more.
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question