WebApp Sec: RE: Web app based on .net - best practice?

From: Calderon, Juan C (CORP, DDEMESIS) <Juan.Calderon_at_ddemesis.ge.com>
Date: Wed, 23 Apr 2003 12:10:46 -0400

****************
I thought it would be a good idea to have the presentation layer (asp)
in a DMZ and the business layer (components in VB and C#) in a safe site
behind a firewall. The communication in between would take place with
RPC calls.
****************

Well... If you are using .NET, RPC will not be the "correct" approach according to Microsoft, but Web Services. Web Services are called on an RPC-like basis, that is, inserting a reference in an ASP.NET project will allow you to call them as if they were part of the project. Besides, .NET Framework 1.1 (or 1.0 plus Web Services Enhancement Pack) provides WS-Security specification support.

Perhaps you'll find these documents interesting:
"Security in a Web Services World: A Proposed Architecture and Roadmap" http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwssecur/html/securitywhitepaper.asp (it mentions DMZ)
"Web Services Security" http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetch10.asp

Cheers :)
Received on Apr 23 2003
