Our web server is in the DMZ with the Coldfusion app server (cluster) sits in the MZ. (CF in distributed mode - http://www.macromedia.com/support/coldfusion/administration/cfmx_in_distribu ted_mode/ ). The database is contained within it's own MZ as well on another network segment. Some may argue that you need not go this far or that it's no more secure then a properly sealed web/app server sitting in the DMZ...but what can I say...we're a financial institution so we don't take chances...
Hope that helps! Stace -----Original Message----- From: Michael Ross [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 18, 2002 3:30 PM To: CF-Talk Subject: 3 Tier Security I am hoping someone can help me out with this. Maybe I just can't see how it would work......but anyways we have apps that are going to be accessible outside our firewall. We currently have a set-up like this. Webserver is in dmz with the ports http/https accessible to the outside world. CF code is kept on this server. Database is completely inside the firewall. The firewall is configured to only allow communitcation from the webserver IP to the SQL IP over a sql port. There are voices around here that want to see a 3rd layer or an app server inbetween. I can't visualize how this would work? I think I may just need someone to help me visualize it. Anyways taking into consideration that the webserver software is all patched up and tighened down, the code has been analized to ensure that there are no holes will adding the extra layer really do any good? Thanks Mike ______________________________________________________________________ Get the mailserver that powers this list at http://www.coolfusion.com FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists