From: Los, Ralph (rlosEnvestNet.com)
Date: Tue May 15 2001 - 15:41:35 CDT

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Hello list/Friends,

            I was recently queried by someone looking to do business with a
    company I work with about the web server architecture, in regards to
    partitioning web/app/db servers.

            At that particular web site, the current architecture is as follows:

    F/W
    [|]   [-----]                      [-----]
    [|]   [     ]                      [     ]
    [|]-->[ web ]--------------------> [ db  ]
    [|]   [ app ]                      [     ]
    [|]   [     ]                      [     ]
    [|]   [-----]                      [-----]

    Server OS: Win2k AS
    Web Server: IIS5
    App Server: ColdFusion 4.51SP2
    SQL Server: MS SQL 2000

            The person objected to this saying it was inherently insecure. I
    argued that if locked down tight, this was sufficient for a highly
    secure system. His argument was that there was a need to separate
    out the App from Web server(s) and separate that environment from the
    database via firewall, so that the web server never has direct access
    to the database server, only through app-->firewall configuration.

            My question is whether anyone's been able to configure such an
    architecture via Cold Fusion Enterprise 4.51 Ent.? I've never been
    able to find any information about this anywhere, and
    Allaire/Macromedia seem hesitant to recommend or even say this is
    possible! Also, with a firewall between the DB/App servers, what is
    the functionality this would break versus the security it would
    enhance?

            Basically, can someone give their take on my side vs. the
    recommended?

    Thank you very much in advance,

    Ralph M. Los
    Sr. Internet Systems & Security Admin. (312) 827-3945 (direct)
    EnvestNet Advisory Corp. (312) 296-9003 (wireless)
    rlosenvestnet.com

    -----BEGIN PGP SIGNATURE-----
    Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

    iQA/AwUBOwGUfnM6eMaR3AeZEQI43gCeNmWvMRA+YAXUmlcUk2iIlFiio+AAoKXa
    +8LtC9Erc0neSFZXLLPARPKX
    =1mqk
    -----END PGP SIGNATURE-----
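
Added example, not part of the original post: a first-match rule evaluator that audits a firewall placed in front of the database against the goal described in the message, where only the app tier may reach the db and only on the SQL port. The addresses, subnets, probe ports and both rule sets are constructed assumptions; 1433 is the default MS SQL Server TCP listener.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    action: str   # "allow" or "deny"
    src: str      # source CIDR
    dst: str      # destination CIDR
    port: int     # TCP destination port, 0 meaning any

# Constructed addresses (assumption): one host per tier, one subnet each.
HOSTS = {"web": "10.0.1.10", "app": "10.0.2.10", "db": "10.0.3.10"}
SQL_PORT = 1433                             # default MS SQL Server listener
PROBE_PORTS = (135, 139, 445, 1433, 3389)   # constructed sample of ports to test

# Separated layout from the message: only the app tier reaches the database.
SPLIT_TIER = [
    Rule("allow", "10.0.2.0/24", "10.0.3.10/32", SQL_PORT),
    Rule("deny", "0.0.0.0/0", "10.0.3.0/24", 0),
]
# Constructed misconfiguration: a broad allow inserted above the rules above.
DRIFTED = [Rule("allow", "10.0.0.0/16", "10.0.3.0/24", 0)] + SPLIT_TIER

def decide(rules, src, dst, port):
    """First matching rule wins; anything unmatched is denied."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst)
                and r.port in (0, port)):
            return r.action == "allow"
    return False

def audit(rules):
    """Return flows toward the db that differ from the tiering goal."""
    findings = []
    for tier in ("web", "app"):
        for port in PROBE_PORTS:
            allowed = decide(rules, HOSTS[tier], HOSTS["db"], port)
            expected = tier == "app" and port == SQL_PORT
            if allowed != expected:
                findings.append((tier, port, "allowed" if allowed else "blocked"))
    return findings

if __name__ == "__main__":
    for name, rules in (("split-tier", SPLIT_TIER), ("drifted", DRIFTED)):
        print(name, audit(rules) or "matches the intended policy")
```
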