Re: When do you need a 3-tier architecture?

I have a question about three-tier architecture from a secure architecture viewpoint that I was hoping you could provide guidance on. Currently, I see implementations where web servers sit in the DMZ and there's a firewall rule that allows ports 80/443 to pass through to back-end servers/services - application servers, database servers, authentication servers (LDAP/AD/etc). To me this is the wrong way (and a very insecure way) to implement web services, as I believe the calls to these back-end servers/services should not flow over ports 80/443, but should be application calls. I believe there should be another server in the DMZ that the web server DMZ makes a call to first. Then on that second DMZ server, the request for back-end servers/services is requested and converted to a true application/web service call, which then in turn makes a request through the firewall using an application/service port, and not 80/443. Wanted to get your thoughts on this. Thx, Jeff
