WebApp Sec mailing list archives
RE: Web app based on .net - best practice?
From: "Calderon, Juan C (CORP, DDEMESIS)" <Juan.Calderon () ddemesis ge com>
Date: Wed, 23 Apr 2003 12:10:46 -0400
**************** I thought it would be a good idea to have the presentation layer (asp) in a DMZ and the business layer (components in VB and C#) in a safe site behind a firewall. The communication in between would take place with RPC calls. **************** Well... If you are using .NET, RPC will not be the "correct" approach according Microsoft, but Web Services. Web Services are called in a RPC-like basis, this is, inserting a reference in a ASP.NET Project will allow you to call them as they were part of the project, Besides .NET Framework 1.1 (or 1.0 plus Web Services Enhancement Pack) provides WS-Security specification support. Perhaps, You'll find these documents interesting: "Security in a Web Services World: A Proposed Architecture and Roadmap" http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwssecur/html/securitywhitepaper.asp (it mentions DMZ) "Web Services Security" http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetch10.asp Cheers :)
Current thread:
- Web app based on .net - best practice? Mads Rasmussen (Apr 23)
- RE: Web app based on .net - best practice? Dennis Hurst (Apr 23)
- Re: Web app based on .net - best practice? Alex Russell (Apr 23)
- RE: Web app based on .net - best practice? TUER, DON (Apr 23)
- RE: Web app based on .net - best practice? Shaji Sethu (Apr 23)
- <Possible follow-ups>
- RE: Web app based on .net - best practice? Calderon, Juan C (CORP, DDEMESIS) (Apr 23)
- RE: Web app based on .net - best practice? Harbar, Spencer (Apr 24)