I'm researching the "Best Practices" for connecting and securing a public web database. Consider the following:
Web app will be .NET. Database is Sybase 12.5.3 running on Solaris.
The company requires a web server | DMZ | database server topology.
The discussion is between keeping the authentications on a server in the DMZ and having a trusted connection to the db server, or having the db server authenticate the users.
One group believes authentications in the DMZ will prevent users from hitting the backend. The other group believes it is a waste of time because the database will need to authenticate them anyway.
Could you point me to published articles on the subject?
Thank you,
Mark W. Holmes
Software engineers are trained to read and understand code; they are not trained in mind reading. Document the purpose not just the functionality.