Three-tiered security in linux environment 1

[baz4096]

Hi

I have a client that is asking for three tiered security for a (relatively) simple web-based application. The data that is being processed is rather sensitive and needs to be very securely protected.

Although I understand the principles of a three tiered architecture (Web/application server firewalled to a business logic/transaction server firewalled to the back end database server), I am unsure of how to actually implement this in a linux environment.

What has added confusion to the issue is that the client's IT department mentioned that this is possible to implement on one physical machine....

What I would like to know is if this is all possible using open source software and maybe JSP or PHP?

Thanks in advance for any help no matter how small

Baz

 

[lgarner]

PHP runs on a web server and is at level 1. JSP runs under a Java engine (JBoss, Tomcat, Websphere) and is at level 2. The database is obvously its own component and is at level 3.

Unless your application already uses all 3 layers, it must be rewritten to do so. If you client is concerned about security, I'd say that you can *not* run all three layers on one host- you remove any benefit of the 3-layer model.

At least, the DB and Web/App server should be separate systems with a firewall between them. Whether the middle layer is appropriate or possible is up to the programmers.