Does using web services to expose a .NET DAL add security?
Posted
by Jonno
on Stack Overflow
See other posts from Stack Overflow
or by Jonno
Published on 2010-06-12T23:42:27Z
Indexed on
2010/06/12
23:52 UTC
Read the original article
Hit count: 310
Currently my employer deploys a web application over 3 servers.
- DB - No public route
- Web Service DAL - No public route
- Web Server - Public route
The reason for this is the theory that if the web server is compromised, they don't arrive at the DB directly, but instead arrive at the DAL box.
To my mind, as the DAL box and Web Sever box - both run windows/IIS - if the public box has been compromised, the same exploit would likely work on the DAL box - therefore I do not see this as a real security benefit.
I would like to propose we remove the middle machine and allow the web server to connect directly to the database.
Is this middle box really a benefit?
© Stack Overflow or respective owner