Re: Where are all of the /400's going.

["Nathan M. Andelin" <nandelin@xxxxxxxxxxxxxxxxxxx>]

From: "Joe Pluta" <joepluta@PlutaBrothers.com>

> If you read the thread, I carefully separated data
> into two categories: secured and unsecured.  This
> is a real and vital differentiation.

My idea of data is what you put in a database, records and fields.  In my
experience, the amount of data used for marketing and public awareness is
minimal.  Are you thinking otherwise?  Or would you agree that there is a
desire to protect the vast majority of data?

> Unless you have lots of extra processing power,
> there's really no reason to serve static web pages from
> your mission critical machine.

I agree that CPU is priced at a premimum on the 400.  On the other hand,
take into account opperational efficiencies.  Web applications and static
pages often share common graphics, style sheets, and other types of files.
It's easier to manage that on a single server as opposed to dividing it
between two servers.

The management argument works both ways.  I've listened to IIS / FrontPage
Webmasters argue to deploy Web applications on an Intel server for the same
reason.  Maybe they simply don't know the 400, and don't want to learn about
it.  Maybe the Webmaster resists having to ask for authorization to set up
directories in the IFS.  Just another hassle, in his mind.

Once you divide data and applications across platforms, watch the political
turf wars erupt.

> Mission critical data should reside on a machine
> that is only accessed through encapsulated server requests
> from trusted sources.  A middle tier should provide
> connectivity to the Internet.

My question is whether [router] <==> [firewall] <==> [400 http server
configuration] <==> [application level security] <==> [object level
authority] is sufficient?  It seems to me that such a configuration already
provides 5 layers of protection?

Nathan M. Andelin
www.relational-data.com