I am designing a internet facing website that will access data from our sql server database and display it on the web.
There are two machines
MACHINE A is the webserver. It has IIS and it is facing the internet.
MACHINE B is has SQLServer 2005 Database.
MACHINE A AND MACHINE B ARE IN THE SAME FACILITY.
(A) Install WebService on MACHINE B.
(B) Web Server(MACHINE A) will call webservice.
(C) Webservice will access SQLServer database and return data.
(A) Do not install webservice on MACHINE B.
(B) Web server directly access SQL Server database on MACHINE B exclusively using ONLY STORED PROCS through Data Layer. ( just like in 3 tier application )
(1) Security wise which option is better. Option 1 or Option 2 or are both equally vulnerable.
(2) What are the relative advantages / disadvantages of both the method.
(3) What method would you recommend?
(4) What is the general industry trend?
THANK YOU FOR ALL YOUR HELP.