Last post Nov 08, 2015 06:08 AM by Weibo Zhang
Oct 08, 2015 06:28 PM | ncage
We are grappling with how best to architect our back-end servers for the best security. I think one of the best practices is to separate your web server(s) from your internal network (in their own DMZ), but other than that, how far do you need to go? I would love to find a best-practice type document I could present to my company. For example, do you let your web servers call your database directly, or do you make it go through another layer like a REST service? That way, if anyone ever took over that web server, then they
I understand that as you try to scale your site you will definitely need more than the web server itself, but from a security perspective, if you end up needing a REST service, does it make it more secure if you place the service with your API in its own DMZ that doesn't have internet access? Any somewhat official documents would be greatly appreciated.
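As an added illustration of the tiered layout asked about here (not from the thread or from any of the linked articles), this is an nftables ruleset for a firewall sitting between an internet-facing web DMZ, an API DMZ, and the internal database network. Interface names, subnets, the database host and the SQL Server port are assumed values for the example.

```nft
# Added example: firewall between three zones (assumed names and addresses)
#   wan0  - internet side
#   dmz0  - web DMZ   10.1.0.0/24  (internet-facing web servers)
#   dmz1  - API DMZ   10.2.0.0/24  (REST service tier, no internet access)
#   lan0  - internal  10.3.0.0/24  (database servers)
define WEB_DMZ = 10.1.0.0/24
define API_DMZ = 10.2.0.0/24
define DB_HOST = 10.3.0.10          # assumed database server address

table inet tiered {
    chain forward {
        # default deny: no flow crosses a zone boundary unless listed below
        type filter hook forward priority 0; policy drop;

        ct state established,related accept   # replies to permitted flows
        ct state invalid drop

        # Internet -> web DMZ: only HTTPS, only to the web servers
        iifname "wan0" oifname "dmz0" ip daddr $WEB_DMZ tcp dport 443 accept

        # Web DMZ -> API DMZ: web servers may only reach the REST tier on 443
        iifname "dmz0" oifname "dmz1" ip saddr $WEB_DMZ ip daddr $API_DMZ tcp dport 443 accept

        # API DMZ -> internal: only the API tier reaches the DB host, on the SQL port
        iifname "dmz1" oifname "lan0" ip saddr $API_DMZ ip daddr $DB_HOST tcp dport 1433 accept

        # Everything else falls through to the chain policy (drop), so:
        #  - the web DMZ has no direct path to the database
        #  - the API DMZ has no rule towards wan0, i.e. no internet access
        #  - a compromised web server is limited to the API's published endpoints
        # Log the drops first so unexpected cross-zone attempts show up in monitoring.
        log prefix "tiered-drop: " drop
    }
}
```

Load with `nft -f` on the firewall host; the logged `tiered-drop:` entries are the signal to watch for a web server that suddenly tries to reach the database or the internet from the API tier.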
Oct 09, 2015 03:10 AM | Weibo Zhang
Regarding security, you'd better have a look at the following articles. Especially the first one; it's just one chapter of the series of Web Application Security courses, so you could read them carefully.
I hope it's useful to you.
Oct 09, 2015 09:40 AM | ncage
Thanks Weibo for taking your time to reply. Unfortunately, though, I don't know how much weight these links are going to have, since they are from 2003 and at the bottom they state clearly that it's "retired" content :(
Nov 08, 2015 06:08 AM | Weibo Zhang
Though some of the links I provided above are marked "outdated", the concepts they discuss are still useful for protecting our applications. They discuss security protections from multiple angles: coding, network, database, etc. Besides, the following links talk about the DMZ; you could have a look and maybe they could give you some inspiration.