I'd like to get some opinions on whether what I am planning to do is safe, that is, safe from people hacking into data.

We have a database in city A. In city B we have a company that has an internal network, and a server that has two application servers on it that each run an application, App. 1 and App. 2.

App. 1 serves on port 80, and is exposed to the internet. I want App. 2 to only be exposed to App. 1, via web services(?), meaning people on the internet and intranet would not be able to "see" App. 2.

I want App. 2 to have a private communication link to the database in city A. I need to somehow ensure that the communication between App. 2 and the database in city A is secure, but I also need to have the data in App. 1.

Does this general setup accomplish what I need to do? My main objective is data security between App. 2 and the database in city A.

Any general recommendations would be appreciated.

Thanks

A: 

There are multiple things that you can do to protect your data. I would look at using SSL over https, providing authentication for the caller of the web services (maybe a public/private key system or client certificates), and looking to set IP restriction rules for the caller on the hosting server - at a minimum.

Edit: For some reason I had thought you said an application accessing a web service, although you say application to application. Don't know if you are going to use web services, but that is the path we have followed.

joseph.ferris
In general, what precautions do I need to take when I have a remote DB? Is SSL between the two good enough, or is there something else I can do to prevent people from accessing the data?
bmw0128
The more preventative measures, the better. SSL is only going to encrypt it while in transit, but won't prevent access to the service. IP restrictions will prevent unauthorized IP addresses from accessing, but can be spoofed. Certificates are very helpful, because they are issued by a third party and as long as the server and client are the only people to have the cert, it is quite secure. It is like software protection: you provide multiple layers of protection, because (usually) one is not enough.
joseph.ferris
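
The layering discussed in the answer and comments (TLS in transit, client certificates, IP restrictions), sketched for App. 2's service endpoint as an added example that is not part of the original thread. The address, the pinned fingerprint, and the function names are constructed assumptions; in a real server the certificate bytes would come from `conn.getpeercert(binary_form=True)` after the handshake.

```python
import hashlib
import hmac
import ipaddress
import ssl

# Constructed sample values (assumptions, not from the thread).
ALLOWED_NETWORKS = [ipaddress.ip_network("10.20.0.5/32")]  # App. 1's address
PINNED_CERT_SHA256 = {hashlib.sha256(b"constructed-app1-cert-der").hexdigest()}


def build_server_context(cert_file=None, key_file=None, client_ca_file=None):
    """TLS context for App. 2 that rejects callers without a client certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED  # handshake fails without a valid client cert
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)  # App. 2's own certificate and key
    if client_ca_file:
        ctx.load_verify_locations(client_ca_file)  # CA that issued App. 1's cert
    return ctx


def ip_allowed(peer_ip):
    """Network layer: only App. 1's address may call the service."""
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False
    return any(addr in net for net in ALLOWED_NETWORKS)


def cert_pinned(peer_cert_der):
    """Identity layer: the presented certificate must match a pinned fingerprint."""
    if not peer_cert_der:
        return False
    digest = hashlib.sha256(peer_cert_der).hexdigest()
    return any(hmac.compare_digest(digest, pin) for pin in PINNED_CERT_SHA256)


def authorize(peer_ip, peer_cert_der):
    """Both layers must pass; a correct source address alone is not enough."""
    return ip_allowed(peer_ip) and cert_pinned(peer_cert_der)
```
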