Security Question

Rajan Choudhary
Ranch Hand

Joined: Mar 17, 2011
Posts: 196
Hi,
I am just confused about the security of 2 tier architecture systems.

1) eEpractize Labs notes say, "Difficult because client has too much control on presentation, business and data"
2) Mark Cade's second edition says security is an advantage, as most of these systems are behind the corporate firewall.

Can anyone please help & make me understand it from the SCEA part 1 perspective?
-------------------------------------------------------------------------------------
Question about Performance in 2 T systems.

1) eEpractise says: Poor as each client requires a connection, no connection pooling. Raw data passed to the client causes high network traffic.
2) Mark Cade: Performance is usually pretty good unless the company uses extremely old laptops that have minimal memory.
Jeanne Boyarsky
internet detective
Marshal

Joined: May 26, 2003
Posts: 30356
    

For the security one, I strongly disagree with Cade. Being behind the corporate firewall does not make you secure on its own.

For performance, it's a mixed bag. Connection pooling does help performance. But offloading the work to another computer does so even more. In this case, I lean towards Cade because there is less work to be done on the server.

This illustrates that some questions are subjective and you have to make your best guess. Even if you get some "wrong", it is ok because the passing score is so low.


[Blog] [JavaRanch FAQ] [How To Ask Questions The Smart Way] [Book Promos]
Blogging on Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, OCAJP, OCPJP beta, TOGAF part 1 and part 2
kumar naresh
Ranch Hand

Joined: Mar 12, 2011
Posts: 119
    
Security has to be applied at most of the levels in the tier.

In the case of a 3 tier application, security validations are to be done:
1) at the JavaScript level for validation
2) again at the Web tier level to avoid things like SQL injection
3) at the enterprise level if EJBs are used.

This is apart from using HTTPS and firewalls. So in the case of a 2 tier architecture the above 3 points are not required; validation at only one level would be enough.

So in 2 tier, security is easier to manage than in 3/n tier. In n tier, as the levels increase, security has to be increased.


OCMJEA 5 |
http://sceacertification.blogspot.in/2011_12_01_archive.html
Rajan Choudhary
Ranch Hand

Joined: Mar 17, 2011
Posts: 196
Thanks Jeanne & Kumar.
 