We thought about vpn but management didn't like that idea......don't know why 
either....

>>> [EMAIL PROTECTED] 09/19/02 09:18AM >>>
If your users have to connect to the Internet to get to your Intranet, then
why not just use VPN? Unless, of course, you want them to access them from
PCs on which they cannot set up a VPN, like customer sites or Internet cafes.

----- Original Message -----
From: "Michael Ross" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Thursday, September 19, 2002 8:55 AM
Subject: RE: 3 Tier Security


> That was my thought, if they get in an extra layer will only delay them
> not stop them.  The thing is this is extremely private data that if it were
> to get out would cause the hospital a great deal of problems if you get my
> drift!  Right now the 1st project is still in test and using Win/IIS but
> I'd like to get it to redhat/apache.  I am a strong believer that we should
> be more worried about tightening the code and webserver than worrying about
> adding that extra layer.  Also we have made the datasource account read only
> access.  I think your concept is something we should gear towards as more
> and more applications are added into the mix.
>
> I was thinking about making the calls as a webservice?  I will have to look
> into how security plays into that.
>
> Thanks again.
>
>
> >>> [EMAIL PROTECTED] 09/18/02 09:14PM >>>
> I think that the 3 Tier issue is really one of performance, not security.
> If you can compromise the 1st tier, you can compromise the second, and then
> the third.  Anywhere there is a hole in the firewall there is an opportunity
> to break in.  Tiers just add layers and make it more complicated.  However,
> on the performance side application servers can help with the load.  It is
> easy to conceive of an application where for example, I would want 2 web
> servers (tier 1), 5 application servers and 1 database server.  This lets me
> scale my app servers separately from my web servers which can make a
> difference in licensing cost.
>
> Justin
>
> > -----Original Message-----
> > From: Michael Ross [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, September 18, 2002 3:30 PM
> > To: CF-Talk
> > Subject: 3 Tier Security
> >
> > I am hoping someone can help me out with this.  Maybe I just
> > can't see how it would work......but anyways we have apps
> > that are going to be accessible outside our firewall.  We
> > currently have a set-up like this.
> >
> > Webserver is in dmz with the ports http/https accessible to
> > the outside world.  CF code is kept on this server.  Database
> > is completely inside the firewall.  The firewall is
> > configured to only allow communication from the webserver IP
> > to the SQL IP over a sql port.  There are voices around here
> > that want to see a 3rd layer or an app server in between.  I
> > can't visualize how this would work?  I think I may just need
> > someone to help me visualize it.  Anyways taking into
> > consideration that the webserver software is all patched up
> > and tightened down, the code has been analyzed to ensure that
> > there are no holes, will adding the extra layer really do any good?
> >
> > Thanks
> >
> > Mike
> >
> >
>
> 
