I agree with Nathan on this point. The only thing you exposing to the public is the port pointing to the apache web server. Getting access o the apache web server does not give you access to the database on a properly configured system. Just because MS SQL database sits on a different server from the typical IIS server (I say typical because I have seen IIS sites with MS SQL on the same server as IIS) does not mean it is more secure. There still has to be some communication link between IIS and MS SQL.
-----Original Message-----
From: web400-bounces@xxxxxxxxxxxx [mailto:web400-bounces@xxxxxxxxxxxx] On Behalf Of Nathan Andelin
Sent: Tuesday, April 12, 2011 12:38 PM
To: Web Enabling the AS400 / iSeries
Subject: Re: [WEB400] iSeries vs IIS web site
From: John Jones
I'll point out that there is legit concern if the i-based solution
were to keep database, apps, and web services on a single LPAR.
I think that's a common misconception. I believe that centralized architecture tends to be more secure because it's less complex, and easier to manage, particularly under IBM i.
By definition the database server would be in the outer DMZ as that's
where the web servers have to reside to be visible to the outside world.
What is an "outer" DMZ? It appears to me that the only reason for a DMZ is to isolate and hide a private network from a public one. If that's the case, why not just use routers to define your DMZ, rather than using a Web server to define it? I suspect that the idea of placing web servers in one network, and database servers in another caught on simply because Microsoft was promoting it, not because it was actually more secure.
Unfortunately, distributed architecture is so ubiquitous that people naturally fall in line with these unfounded notions about security.
-Nathan
--
This is the Web Enabling the AS400 / iSeries (WEB400) mailing list To post a message email: WEB400@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit:
http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives at
http://archive.midrange.com/web400.
As an Amazon Associate we earn from qualifying purchases.