A great way to safeguard your online web site is to remove all the business logic from the site and rely on a corporate web service that sits further back, behind the firewall security layer.
If you are not sure exactly what a web service is, think of it as a secure web site that has no interface. I can reach most web services and see what they offer by keying them into my browser, but daily operations are in-band – no interface.
An example of a web service might be one that calculates a customer's current balance. The old style is to place the SQL statement, along with the connection parameters (including login and password) needed to reach the SQL server, right on the web site. Now, this is the outside web site, so it has a little more contact with the bad side of the Internet. This is really common practice and fairly secure, but there is an easier way.
On your internal server, create a web service that has the appropriate function – in this case a function called 'GetCurrentBalance'. Inside that function, and safe from the web, are all the SQL statements, connection strings and business logic needed to give the correct answer to the requestor.
Your customer site that is looking for a balance now asks a simple question of the web service and is given the answer. There are plenty of other steps – mostly authentication and security related – but the point here is that all the private and business information has been taken off that exposed server.
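The split described above, as an added sketch that is not code from the original article: the internal tier holds the SQL and the database handle, and the public tier only asks the `GetCurrentBalance` question over HTTP. The table layout, sample rows, JSON response shape and the helper names `start_internal_service` and `fetch_balance` are assumptions made for illustration, and the authentication steps mentioned above are left out.

```python
import http.client, json, sqlite3
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlparse, parse_qs

# Internal tier (behind the firewall): owns the connection details and the SQL.
# Constructed sample data; an in-memory SQLite DB stands in for the SQL server.
DB = sqlite3.connect(":memory:", check_same_thread=False)
DB.execute("CREATE TABLE accounts (customer_id INTEGER PRIMARY KEY, balance_cents INTEGER)")
DB.executemany("INSERT INTO accounts VALUES (?, ?)", [(1001, 25000), (1002, 990)])

def get_current_balance(customer_id):
    # Parameterised query: the caller supplies a value, never SQL text.
    row = DB.execute("SELECT balance_cents FROM accounts WHERE customer_id = ?",
                     (customer_id,)).fetchone()
    return None if row is None else row[0]

class BalanceService(BaseHTTPRequestHandler):
    def do_GET(self):
        url = urlparse(self.path)
        cid = parse_qs(url.query).get("customer_id", [""])[0]
        valid = cid.isascii() and cid.isdigit() and len(cid) <= 12
        if url.path != "/GetCurrentBalance" or not valid:
            return self._reply(400, {"error": "bad request"})
        balance = get_current_balance(int(cid))
        if balance is None:
            return self._reply(404, {"error": "unknown customer"})
        self._reply(200, {"balance_cents": balance})

    def _reply(self, status, body):
        data = json.dumps(body).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):  # keep the demo quiet
        pass

def start_internal_service():
    server = HTTPServer(("127.0.0.1", 0), BalanceService)  # OS picks a free port
    server_thread = __import__("threading").Thread(target=server.serve_forever, daemon=True)
    server_thread.start()
    return server

# Public tier: no SQL, no DB credentials; it only knows where the service is.
def fetch_balance(host, port, customer_id):
    conn = http.client.HTTPConnection(host, port, timeout=5)
    conn.request("GET", f"/GetCurrentBalance?customer_id={int(customer_id)}")
    body = json.loads(conn.getresponse().read())
    conn.close()
    return body.get("balance_cents")  # None when the service reports an error
```

If the public server is compromised, what it exposes is `fetch_balance` and the service address, not the query or the database login.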
One tangential benefit is that you have no need for high-end programmers to create pages that request a current balance [for instance]. One line that asks the web service can be handled by most ninth graders, so you can draw on a bigger resource base for your projects.
Another hidden benefit is that, although you need to (or should) write wrappers for these functions inside the web service, your code base can be homogenized and consolidated into a single set of class libraries – something that is usually problematic if you have multiple web servers / applications. Microsoft and the rest of the world will tell you to compile and distribute these libraries, but that is a forced way of doing things.