-----------------------------------------------------------
New Message on cochindotnet
-----------------------------------------------------------
From: SecCode
Message 5 in Discussion

Hmm.. You want to go to that level of detail, do you? :-)

I assume that you do realize that in a real world setting there are compromises and dependencies that may keep you from completely separating your code into the actual separate physical tiers.

To directly answer your question, what I mean by a Data Access Layer is NOT the physical database but the Data Access Logic (DAL) code. This is the code that you write that actually makes the calls to a database. In a real world setting, it is very doubtful that the DAL resides on the database machine (if for no other reason than that the DBAs will not allow anyone to touch their DB server!). It is much more realistic to have one of the following:

Presentation Layer & Biz Logic Layer & DAL [Web Server] --> [DB Server]

OR

Presentation Layer [Web Server] ---> Biz Logic Layer & DAL [App Server] --> [DB Server]

In general, requirements for scalability or security will determine on which physical tier each layer will reside. For example, if you wanted to scale the Presentation Layer, the easiest way to do this would be to put a load balancer in front of multiple identically configured web servers. And it would not matter which of the above options you used.

But consider if you have an Internet-facing application which has very complex and sensitive business rules. This is NOT something that you would want exposed directly on the Internet. In such a case, what you would normally do would be to put the Web server in your DMZ with firewalls both in front of it and behind it.

Internet |*| Firewall -> Web Server -> Firewall |*| Internal Network which hosts your App Server & DB Server.

The firewall in front of the Web Server protects it from Internet-facing threats (some of them anyway), but you also have to go through another firewall to get to your application server which would be inside your protected network.
The connectivity between the Web and App server would be allowed by the firewall rules (Point-To-Point) and would typically be either Remoting or Web Service based in the .NET world.

I am by necessity simplifying some of the concepts, but hopefully you get my meaning...

BTW, people have been interchangeably using Tier and Layer so until you clarify exactly what a person means, it is hard to have a common vocabulary.. So before you even get into describing something as a 2-Tier/3-Tier/n-Tier application, make sure that everyone has the same definition of what a Tier is and what a Layer is.

Regards,
- Anil

--------------------------------------------------------------
-- http://SecureCoder.com
-- Architecture & Security in an Imperfect World
--------------------------------------------------------------
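
Added example, not part of the original message: a small audit of firewall rules against the DMZ layout described above, where the outer firewall exposes only the DMZ and the inner firewall allows only the point-to-point Web Server to App Server connection. The addresses, port, rule names and rule tuple format are constructed assumptions, and the check assumes the second layout in the message (DAL on the App Server), so the Web Server never talks to the DB Server directly.

```python
import ipaddress

# Constructed addressing (assumption): the message gives no addresses or ports.
DMZ = ipaddress.ip_network("192.0.2.0/24")          # hosts the Web Server
WEB_SERVER = ipaddress.ip_network("192.0.2.10/32")  # hypothetical Web Server
APP_SERVER = ipaddress.ip_network("10.1.1.10/32")   # hypothetical App Server
APP_PORT = 8080  # hypothetical Remoting / Web Service endpoint port

# Constructed sample allow rules: (name, firewall, source, destination, port).
SAMPLE_RULES = [
    ("inet-to-web-https", "outer", "0.0.0.0/0", "192.0.2.10/32", 443),
    ("inet-to-app", "outer", "0.0.0.0/0", "10.1.1.10/32", 8080),
    ("web-to-app", "inner", "192.0.2.10/32", "10.1.1.10/32", 8080),
    ("dmz-to-internal", "inner", "192.0.2.0/24", "10.0.0.0/8", 8080),
    ("web-to-db", "inner", "192.0.2.10/32", "10.1.1.20/32", 1433),
]


def audit(rules):
    """Return (rule name, reason) for every allow rule that breaks the layout."""
    findings = []
    for name, firewall, src, dst, port in rules:
        src_net = ipaddress.ip_network(src)
        dst_net = ipaddress.ip_network(dst)
        if firewall == "outer":
            # The Internet-facing firewall may only expose hosts inside the DMZ.
            if not dst_net.subnet_of(DMZ):
                findings.append((name, "outer firewall exposes a non-DMZ host"))
        elif firewall == "inner":
            # Point-to-point: exactly one source host, one destination host,
            # and one service port may cross into the internal network.
            if src_net != WEB_SERVER:
                findings.append((name, "source is not the single Web Server"))
            if dst_net != APP_SERVER:
                findings.append((name, "destination is not the App Server"))
            if port != APP_PORT:
                findings.append((name, "port is not the App Server endpoint"))
    return findings


if __name__ == "__main__":
    for rule_name, reason in audit(SAMPLE_RULES):
        print(f"{rule_name}: {reason}")
```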