
Recently I have been doing an investigation for creating a multiple-tier application. Every topic that I have read suggests that the 3-tier architecture is better than the 2-tier architecture because by exposing the connection string of the database at the client side you create a big security hole in your system. All of these articles just explain that it is a bad idea to expose the location of the database and none of them explains why.

Can anybody help me and explain to me the threats of exposing the location of the database? I mean they will know the location but they will not know the username and the password in order to log in and to modify the database. What makes the 3-tier architecture safer than the 2-tier architecture? Is it only the extra hop in order to reach the database?

Thanks in advance, Constantin Patak

1 Answer


The connection string includes the username and password. If your client application can hit the database directly, then the user can inspect the client application and extract the connection credentials to do the same.

The middle tier will provide APIs which correspond to the operations you want clients to be able to perform. The client is shielded from the internal implementation which may or may not include a database. You will be able to change the implementation without affecting the client. Perhaps you will find that the load is so high you need to switch from RDS to NoSQL. The client doesn't need to know or change. Perhaps you will start caching some results without hitting your database. Again, the client doesn't need to know or change. This is why the industry has standardized around not hitting the database directly from client applications.

Jeremy Stein
  • Hi Jeremy. Thanks for your response. Isn't there a way to construct the connection string at run time in order to not expose the username and the password, and then establish a secure connection with the server in order to send them? As for the provided API, you can add users in the SQL and grant only some of the permissions to the users that you have. I can understand the need for the application to abstract the DAL layer, but the topics I read specifically said that the connection string to the client is a security exposure. Sorry for persisting so much but I believe that I am missing something. – Constantin Patak Dec 24 '15 at 07:39
  • Sure, you can set the password at run-time, but how is your application going to get the password? If your app can retrieve it, so can the user. Database permissions can provide some security, but they're generally not granular enough to allow the client application to perform its operations but not allow anything else. For example, if you wanted to be able to only modify the rows it had created. You could do this with stored procedures, but at that point you're writing an application layer, just in a less-convenient language. – Jeremy Stein Dec 25 '15 at 15:50
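
The row-ownership case raised in the last comment, as an added example that is not part of the answer or the comments: with a table-level UPDATE grant, a client holding the connection can change any row, while a middle tier can restrict each caller to the rows it created. The `notes` table, `NotesService` and `two_tier_update` are hypothetical names, in-memory SQLite stands in for the database server, and `caller` is assumed to come from a session the middle tier has already authenticated.

```python
import sqlite3

def make_db():
    # Constructed sample data: two users, one note each.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, owner TEXT, body TEXT)")
    db.executemany("INSERT INTO notes (owner, body) VALUES (?, ?)",
                   [("alice", "alice's note"), ("bob", "bob's note")])
    db.commit()
    return db

def two_tier_update(db, note_id, body):
    # 2-tier: the client application holds the connection (and its credentials).
    # A table-level UPDATE grant cannot express "only rows this user created",
    # so any statement the account is allowed to run works on any row.
    cur = db.execute("UPDATE notes SET body = ? WHERE id = ?", (body, note_id))
    db.commit()
    return cur.rowcount == 1

class NotesService:
    """Hypothetical middle tier: the only code that ever sees the connection."""

    def __init__(self, db):
        self._db = db

    def update_note(self, caller, note_id, body):
        # Ownership is part of the statement, so a caller cannot touch
        # another user's row whatever note_id it sends.
        cur = self._db.execute(
            "UPDATE notes SET body = ? WHERE id = ? AND owner = ?",
            (body, note_id, caller))
        self._db.commit()
        return cur.rowcount == 1

    def list_notes(self, caller):
        cur = self._db.execute(
            "SELECT id, body FROM notes WHERE owner = ? ORDER BY id", (caller,))
        return cur.fetchall()

if __name__ == "__main__":
    db = make_db()
    svc = NotesService(db)
    print("alice edits bob's note via API:", svc.update_note("alice", 2, "x"))
    print("alice edits her own note via API:", svc.update_note("alice", 1, "new"))
    print("direct connection edits bob's note:", two_tier_update(db, 2, "overwritten"))
    print("bob's notes now:", svc.list_notes("bob"))
```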