Locked Web architecture security best practices

  • Thursday, April 22, 2010 9:18 AM
     
     

    Hi,

    I am reading these documents: http://msdn.microsoft.com/en-us/library/aa302420.aspx about security in web app architecture.

    These articles were written in 2003, but they also seem good in 2010.

    Have these best practices been replaced by something else on MSDN or TechNet?

    And, in general, is it a good choice to deploy web applications using an additional layer (IIS) between the Web server and SQL Server?

    Thanks for the help.

All Replies

  • Saturday, June 19, 2010 7:04 PM
     
     
    Hi,
     
    To answer your question, I would look to make sure I am looking at the
    newest stuff on TechNet and MSDN as a lot of documents are best
    practices for a particular version of software.
     
    In general you would separate the database and web application as both a
    security and performance concern, so it would depend on the needs of
    your organization. If you expect a lot of traffic or need to make sure
    that the compromise of the IIS server does not compromise the DB, then a
    dedicated database server would be the way to go.
     

    -- Mike Burr