Does using web services to expose a .NET DAL add security?

Posted by Jonno on Stack Overflow See other posts from Stack Overflow or by Jonno
Published on 2010-06-12T23:42:27Z Indexed on 2010/06/12 23:52 UTC
Read the original article Hit count: 310

Filed under:
|
|
|

Currently my employer deploys a web application over 3 servers.

  1. DB - No public route
  2. Web Service DAL - No public route
  3. Web Server - Public route

The reason for this is the theory that if the web server is compromised, they don't arrive at the DB directly, but instead arrive at the DAL box.

To my mind, as the DAL box and Web Sever box - both run windows/IIS - if the public box has been compromised, the same exploit would likely work on the DAL box - therefore I do not see this as a real security benefit.

I would like to propose we remove the middle machine and allow the web server to connect directly to the database.

Is this middle box really a benefit?

© Stack Overflow or respective owner

Related posts about .NET

Related posts about ASP.NET