A mock question about common architecture

 
Ranch Hand
Posts: 186
Hi, friends
I found this question in a mock exam:

What are the benefits of a three-tier J2EE application architecture?

1) Scalability
2) Manageability
3) Security
4) Availability


My answer is 1) and 4), but the right answer is 1), 4) and 3).

I once read this:

What is end-to-end security? In a multitier system, each tier should have its own security and work in tandem with the other tiers. Designing security where different systems and middleware come together is quite a challenge. Simply put, system security is only as strong as the weakest link and, unless you consider security from an end-to-end viewpoint, it is subject to being broken.



I think it means that the more tiers a system involves, the weaker the system is likely to be.

At least, I can't see any benefits of a three-tier architecture as compared with the 2-tier architecture in terms of security.


What do you think?
Thanks
[ February 25, 2005: Message edited by: James Du ]
 
Greenhorn
Posts: 22
Hi James,

look at this site:

http://java.sun.com/j2ee/sdk_1.2.1/techdocs/guides/j2ee-overview/Introduction.fm.html


Gustavo
 
James Du
Ranch Hand
Posts: 186
Thanks, Gustavo

I read the article but can't yet find the answer.

The question is worded as

What are the benefits of a three-tier J2EE application architecture?



What kind of architecture should we take as the reference, when we talk about the J2EE application architecture? Traditional client/server system, or 2-tier J2EE application model?

If we emphasize 3-tier, then I can't see that 3-tier is more secure than the 2-tier one. If we emphasize J2EE application architecture, there is this phrase in the article:

The J2EE application model defines an architecture for implementing services as multi-tier applications that avoid these problems and deliver the scalability, accessibility, and manageability that is needed.



It seems that option 2 is also right. What do you think?

Thanks
James
[ February 25, 2005: Message edited by: James Du ]
 
Gustavo Dutra
Greenhorn
Posts: 22
Well James,

I think we will discover the answer together...


What kind of architecture should we take as the reference, when we talk about the J2EE application architecture? Traditional client/server system, or 2-tier J2EE application model?



I think n-tier (5 is a good number) is the appropriate reference. 3-tier is the minimum; you can break up the middle tier (presentation, business and integration).

There is an article that enumerates the tiers:
1. web-client
2. presentation
3. business
4. integration
5. resource


Scalability

If the middle tier is separate (3-tier approach) you can make a cluster of computers to increase, you can make a cluster on the web or application server.

Availability
Availability is the same as scalability, but it depends a lot on the configuration of the balance to work properly.


Security
You have security on the web container and on the EJB container, either declarative or programmatic...

Manageability

Cade says in his book:

Manageability is the ability to manage the system to ensure the continued health of a system with respect to scalability, reliability, availability, performance, and security. Manageability deals with system monitoring of the QoS requirements and the ability to change the system configuration to improve the QoS dynamically without changing the system. Your architecture must have the ability to monitor the system and allow for dynamic system configuration.



I think manageability is true.... it is transparent for your "Business Logic", "Presentation Logic" and "Controller" if there is a cluster or if there is a replication; this is a container responsibility.

Let's start a discussion....

[ ]s

Gustavo
 
Ranch Hand
Posts: 31
Security: because you have more control over security in a 3-tier app than in a 2-tier one; it also reduces direct connections from the client to the db server, etc.

3-tier's manageability decreased because you have more components/configurations to take care of. J2EE improves 3-tier's manageability (but not 2-tier's manageability).
 
Ranch Hand
Posts: 52
Hi James,

I think Gustavo is right, J2EE security model is definitely better than a traditional client/server security model.

First of all, J2EE has different security domains, thus, breaking into one does not automatically give the intruder access to the rest of the domains (that cannot be true for the client/server)

Secondly, Denial Of Service is a real security threat, and J2EE by virtue of having more tiers is more resilient to that. (Of course, a good firewall can help a lot)

Lastly, security settings can be done at J2EE containers, thus providing another additional layer of security which the server administrator can fine-tune (whereas client/server can only be done programmatically)

Just 2 cents worth, HTH.

Regards,
Yong How, Lim
SCEA, SCJD, SCJA
 
James Du
Ranch Hand
Posts: 186
Thanks.

Hi, Gustavo, I think in traditional C/S architecture, we can design and implement any level of security which is suitable for the system requirements. The J2EE architecture just makes this a BASIC service which can be used directly by the developers, freeing them from redeveloping it from scratch; in this regard, J2EE does provide some benefits. As for the LEVEL of the security, I think we can build a more secure system with the C/S model than with J2EE since there are no limitations of any contract to follow.


Hi, Yong How Lim

First of all, J2EE has different security domains, thus, breaking into one does not automatically give the intruder access to the rest of the domains (that cannot be true for the client/server)



For this, could you give a concrete example?
And for this,

Secondly, Denial Of Service is a real security threat, and J2EE by virtue of having more tiers is more resilient to that. (Of course, a good firewall can help a lot)



Why do more tiers mean a natural resilience to Denial Of Service?

Thanks
 
Yong How, Lim
Ranch Hand
Posts: 52
Security Domain :
http://www.awprofessional.com/articles/article.asp?p=102095&seqNum=3

also read this for DDOS :
http://news.zdnet.co.uk/internet/ecommerce/0,39020372,39166155,00.htm

My advice is for you to read "Enterprise JavaBeans" by Richard Monson-Haefel.
 