I'm involved in a large .net project which is mainly asp.net. One of the requirements is to have all access to data made via web services. The reasoning I've been given for this approach is that this is more secure than a traditional website that accesses a database directly. If the web server is compromised then the hacker will not have access to the database and would have to cross another application domain to get it. A hacker would have access to modify code and run any code they wish. Is this really possible?
My concern is that this approach is going to be too slow. As far as security is concerned isn't it just a matter of adding the correct code access permissions? I know that web services are superb for geographically dispersed applications but this website is going to sit next to the sql server database with minimal 3rd party integration. Does anyone have any thoughts on this approach?
Matt
My concern is that this approach is going to be too slow. As far as security is concerned isn't it just a matter of adding the correct code access permissions? I know that web services are superb for geographically dispersed applications but this website is going to sit next to the sql server database with minimal 3rd party integration. Does anyone have any thoughts on this approach?
Matt