There’ll always be a necessity to provide customers private and sensitive information from an online Server & application. In the past all this logic has resided on the internet server, but you will find new methods to disconnect the web out of your sensitive information but still provide the customer what they need.
A great way to safeguard your online web site is to get rid of all the business logic in the site and depend on the corporate web service that’s further back behind the firewall security level.
If you are not very sure exactly what a web services are, consider so that it is just like a secure web site which has no interface. In order to reach most web services to determine what they offer by keying them into my browser, but daily operations are in-band – no interface.
An example of the web service may be to calculate a customer’s current balance. That old style is always to place the SQL statement along with the communications parameters (including login and password) to get at the SQL server right online. Now, this is actually the outdoors website, so it features a little more contact with the negative side from the Internet. This really is really common practice and fairly secure, but there’s an easy method.
In your internal server, produce a web service which has the appropriate function – within this situation the purpose known as ‘GetCurrentBalance’. Within that function and safe from the web are all the SQL statements, connection strings and business logic which will provide the correct answer to the requestor.
Your customer site that is searching for any balance, now asks an easy question to the net service, and is definitely the answer. There are plenty of other steps – mostly authentication and security related, but final point here is that all the private and business information continues to be taken off that uncovered server.