Solved

Database Web Application Topology

Posted on 2008-10-06
Last Modified: 2009-04-22
What is the best and most secure topology for a database-driven web application? Is there a best practice?
Question by:0pt1mus
LVL 51

Accepted Solution

by:
ahoffmann earned 63 total points
ID: 22664848
1. web server, application server and database server are in DMZ
2. whether you have one physical machine for each server depends on your topology and the work you're willing to do to configure and maintain several servers
3. the database is read-only by the web/application server
4. you have a good concept of users and (access) roles for the database

hope this helps for starting ...
0
 
LVL 143

Assisted Solution

by:Guy Hengel [angelIII / a3]
Guy Hengel [angelIII / a3] earned 63 total points
ID: 22666292
>1. web server, application server and database server are in DMZ
web server: yes.
the application server and database servers: not necessarily. in regards to the db server, if it is there, it should "only" be a replication of the actual database

>3. the database is read-only by the web/application server
well, that would be nonsense for a read/write web application?!!!


0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 22666523
> .. db server, if it is there, it should "only" be a replication. ..
yes, that's what my "read-only" implies

> that would be non-sense for a read/write web application?
agreed, but the question only says:
> .. for a database driven web application?
this reads to me that the web content is driven by the database, not the database content by the web application. Need some clarifications here.

Anyway, even if the database is modified by the web app, it should be in the DMZ, otherwise you open the door to your network by insecure web apps, think of SQL injection, various kinds of code injection, ...
0
 
LVL 143

Expert Comment

by:Guy Hengel [angelIII / a3]
ID: 22666536
sql/code injection is solved by secure web server/correct code, and not by the web/db server in the dmz or not.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 22666569
> .. solved by secure web server/correct code ..
:-)

The question was about "best practice", then isolating services is defence in depth (as I've never seen secure code, 95%++ web apps are vulnerable, somehow, today ...)
0
 
LVL 143

Expert Comment

by:Guy Hengel [angelIII / a3]
ID: 22666834
>as I've never seen secure code, 95%++ web apps are vulnerable, somehow, today ...
that's right. however, I don't remember having seen a 100% read-only web application, until now, on the other side, so you HAVE to make the db read-write.
0
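
Added example, not part of the original thread: one way to express the "read-only" versus "read/write" positions discussed above as database roles, so that the web tier can only read and the application tier can write only where it must. It assumes PostgreSQL and an existing database; the database `webshop`, schema `app`, tables, role names and passwords are hypothetical placeholders.

```sql
-- Assumption: PostgreSQL, run by a database administrator while connected to
-- the (hypothetical) database "webshop". All object and role names are made up.

-- Group roles carry the privileges and cannot log in themselves.
CREATE ROLE web_read  NOLOGIN;
CREATE ROLE web_write NOLOGIN;

-- Login roles for the servers in the DMZ; passwords are placeholders.
CREATE ROLE web_frontend LOGIN PASSWORD 'CHANGE_ME_1'
    NOSUPERUSER NOCREATEDB NOCREATEROLE CONNECTION LIMIT 20;
CREATE ROLE app_backend  LOGIN PASSWORD 'CHANGE_ME_2'
    NOSUPERUSER NOCREATEDB NOCREATEROLE CONNECTION LIMIT 20;
GRANT web_read            TO web_frontend;  -- web server: read-only
GRANT web_read, web_write TO app_backend;   -- app server: narrow write access

-- Drop the permissive defaults that every role inherits through PUBLIC.
REVOKE ALL    ON DATABASE webshop FROM PUBLIC;
REVOKE CREATE ON SCHEMA public    FROM PUBLIC;
GRANT CONNECT ON DATABASE webshop TO web_read;

-- Sample schema: public content, user-submitted comments, sensitive accounts.
CREATE SCHEMA app;
CREATE TABLE app.articles (id bigserial PRIMARY KEY, title text NOT NULL, body text NOT NULL);
CREATE TABLE app.comments (id bigserial PRIMARY KEY,
                           article_id bigint NOT NULL REFERENCES app.articles(id),
                           body text NOT NULL);
CREATE TABLE app.accounts (id bigserial PRIMARY KEY, email text NOT NULL, pw_hash text NOT NULL);

-- Read path: content tables only, nothing on app.accounts.
GRANT USAGE  ON SCHEMA app                  TO web_read;
GRANT SELECT ON app.articles, app.comments  TO web_read;

-- Write path: INSERT on one table; no UPDATE, DELETE, TRUNCATE or DDL anywhere.
GRANT INSERT ON app.comments                TO web_write;
GRANT USAGE  ON SEQUENCE app.comments_id_seq TO web_write;

-- Check the effective privileges of each login role, including inherited ones.
SELECT r AS login_role,
       has_table_privilege(r, 'app.comments', 'SELECT') AS can_read_comments,
       has_table_privilege(r, 'app.comments', 'INSERT') AS can_insert_comments,
       has_table_privilege(r, 'app.comments', 'DELETE') AS can_delete_comments,
       has_table_privilege(r, 'app.accounts', 'SELECT') AS can_read_accounts
FROM unnest(ARRAY['web_frontend', 'app_backend']::name[]) AS r;
```

With this split, an injection flaw in code running as `web_frontend` can read published content but cannot modify data or reach `app.accounts`, and one in code running as `app_backend` is limited to adding rows to `app.comments`.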

Question has a verified solution.
