Andrea M. Segovia
Hello,
I am looking at the security aspects of a web-based application using
Apache, Tomcat to an Oracle backend.
The current architecture has the Apache and Tomcat server integrated
on one physical server. My instinct (as someone with a sys admin/net
admin background) is to separate Apache and Tomcat server functions on
different servers and place a firewall or filtering router in between,
as the Tomcat server is the one that will have access to the Oracle
databases, and is therefore more valuable.
Is this approach recommended? What additional problems does it present
to the application developers and server administrators?
What is the standard application architecture for these types of
Internet applications?
I have been unable to find much information on overall web-based
application architectures that include discussions of how to design
(before the fact) or fit (after the fact) these applications for/to
existing security architectures from either the programming or
security point of view....any pointer to resources discussing
"integration" issues for web-based systems as a whole would also be
appreciated....
Andrea