I'm leading up to a question here, thanks in advance for weighing in on it!!
I have what I consider a standard plan for a website. The front end of the web will be secure and require login by users. In phase 1, this gives them access to several downloadable pdf files only.
This part is hosted by a 3rd party.
Phase 2 of this plan is to allow access through the same front end, same security module, and build requests that will pass through my DMZ to a web application server. All this server does is house a SQL 2000 database that Crystal reports (the requested object) will use as a datasource. The web application server will, of course, return the requested data. The web application server, sitting securely behind the DMZ, is NOT located anywhere near the webserver, so the request must pass through and return outside of the DMZ (though somehow securely...details details
Is this viable? To me, it is, and I have seen it before. A consultant I have engaged tells me that there should be a separate login for the phase 2 part, with the authentication attempt occurring ON the web application server inside of the DMZ.
I am being told basically that the only secure way is to co-locate the front end web server and the web application server.
I don't see other sites with 2 logins, one for each area...and I'm sure that not everyone is co-locating their front end and back end data source.
Is my original method inherently insecure because of the passthrough request and return?
Thank you so much for bearing with me...I hope I have explained the concept well.