Security Question

Rajan Choudhary
Ranch Hand

Joined: Mar 17, 2011
Posts: 196
I am just confused about the security of 2 tier architecture systems.

1) eEpractize Labs notes say, "Difficult because client has too much control on presentation, business and data"
2) Mark Cade's second edition says security is an advantage, as most of these systems are behind the corporate

Can anyone please help & make me understand it from the SCEA part 1 perspective?
Question about performance in 2 T systems.

1) eEpractise says: Poor as each client requires a connection, no connection pooling. Raw data passed to the client causes high network traffic.
2) Mark Cade: Performance is usually pretty good unless the company uses extremely old laptops that have minimal memory.
Jeanne Boyarsky
author & internet detective

Joined: May 26, 2003
Posts: 33119

For the security one, I strongly disagree with Cade. Being behind the corporate firewall does not make you secure on its own.

For performance, it's a mixed bag. Connection pooling does help performance. But offloading the work to another computer does so even more. In this case, I lean towards Cade because there is less work to be done on the server.

This illustrates that some questions are subjective and you have to make your best guess. Even if you get some "wrong", it is ok because the passing score is so low.

kumar naresh
Ranch Hand

Joined: Mar 12, 2011
Posts: 120
Security has to be applied at most of the levels in the tiers.

In the case of a 3-tier application, security validations are to be done
1) at the JavaScript level for validation
2) again at the Web tier level to avoid attacks (like SQL injection)
3) at the enterprise level if EJBs are used,

apart from using HTTPS and firewalls. So in the case of a 2-tier architecture the above 3 points are not required; validation at only one level would be enough.

So in 2 tier, security is easier to manage than in 3/n tier. In n tier, as the levels increase, security has to be increased.
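The per-tier checks listed in the post above, as an added example that is not part of any post in this thread: the web tier repeats the check the browser-side JavaScript is assumed to make, and the data access uses a bound parameter. Python with an in-memory SQLite database stands in for the Java web tier and database; the username rule, table, rows and function names are all hypothetical.

```python
import re
import sqlite3

# Hypothetical rule, assumed to mirror the check done in browser-side JavaScript.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,20}")


def web_tier_validate(username):
    """Web tier: repeat the client-side check, since a request can arrive
    without ever having passed through the page's JavaScript."""
    if not isinstance(username, str) or not USERNAME_RE.fullmatch(username):
        raise ValueError("rejected at web tier")
    return username


def data_tier_lookup(conn, username):
    """Data access: the value is a bound parameter, so it is compared as
    data and never parsed as part of the SQL statement."""
    row = conn.execute(
        "SELECT role FROM users WHERE name = ?", (username,)
    ).fetchone()
    return row[0] if row else None


def handle_request(conn, username):
    """Pass one request through the server-side tiers; returns (status, role)."""
    try:
        clean = web_tier_validate(username)
    except ValueError:
        return ("rejected", None)
    return ("ok", data_tier_lookup(conn, clean))


def make_db():
    """Constructed sample data for the example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)", [("alice", "admin"), ("bob", "clerk")]
    )
    return conn


if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a valid name, a SQL-injection-shaped string, an unknown name.
    for sample in ["bob", "x' OR '1'='1", "carol"]:
        print(repr(sample), handle_request(db, sample))
```

Calling `data_tier_lookup` directly with the injection-shaped string returns no row, which shows the second layer holding even if the first is skipped.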

Rajan Choudhary
Ranch Hand

Joined: Mar 17, 2011
Posts: 196
Thanks Jeanne & Kumar.