Security Question

Rajan Choudhary
Ranch Hand

Joined: Mar 17, 2011
Posts: 196
Hi,
I am just confused about the security of 2 tier architecture systems.

1) eEpractize Labs notes say, "Difficult because client has too much control on presentation, business and data"
2) Mark Cade's second edition says security is an advantage, as most of these systems are behind the corporate firewall.

Can anyone please help & make me understand it from the SCEA part 1 perspective?
-------------------------------------------------------------------------------------
Question about performance in 2 T systems.

1) eEpractise says: Poor as each client requires a connection, no connection pooling. Raw data passed to the client causes high network traffic.
2) Mark Cade: Performance is usually pretty good unless the company uses extremely old laptops that have minimal memory.
Jeanne Boyarsky
internet detective
Marshal

Joined: May 26, 2003
Posts: 29219
    
134

For the security one, I strongly disagree with Cade. Being behind the corporate firewall does not make you secure on its own.

For performance, it's a mixed bag. Connection pooling does help performance. But offloading the work to another computer does so even more. In this case, I lean towards Cade because there is less work to be done on the server.

This illustrates that some questions are subjective and you have to make your best guess. Even if you get some "wrong", it is ok because the passing score is so low.


[Blog] [JavaRanch FAQ] [How To Ask Questions The Smart Way] [Book Promos]
Blogging on Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, OCAJP, OCPJP beta, TOGAF part 1 and part 2
kumar naresh
Ranch Hand

Joined: Mar 12, 2011
Posts: 117
    
    1
Security has to be applied in most of the levels in the tier.

In the case of a 3 tier application, security validations are to be done
1) at the JavaScript level for validation
2) again at the Web tier level to avoid things like SQL injection
3) at the enterprise level if EJBs are used.

This is apart from using HTTPS and firewalls. So in the case of 2 tier architecture, the above 3 points are not required; validation at only one level would be enough.

So in 2 tier, security is easier to manage than in 3/n tier. In n tier, as levels get increased, security has to be increased.


OCMJEA 5 |
http://sceacertification.blogspot.in/2011_12_01_archive.html
Rajan Choudhary
Ranch Hand

Joined: Mar 17, 2011
Posts: 196
Thanks Jeanne & Kumar.