firewall requirements for applications

["Shalla, Kevin" <kshalla () UIC EDU>]

We have an application that currently is protected by a firewall.  The
application (Windows executable) resides on a file share, and data on a
database server.  Managing the firewall for this application causes quite
a bit of grief.  I recently asked why we needed to keep it behind the
firewall, considering that we've got much more confidential data (our main
ERP), which is available through any web browser and java to any computer
on the Internet.  Is there some valid increased security risk to allowing
access to a Windows executable versus a java application?