> Separating the web server from application server adds almost zero practical security. Sometimes. For an application on an exclusive platform, then that's a fair observation. For a platform that hosts multiple applications, then separating the applications on to discrete servers helps to compartmentalise any failures to a single application. Martin... ---------------------------------------------------------------------- CONFIDENTIALITY: This e-mail and any files transmitted with it are confidential and intended solely for the use of the recipient(s) only. Any review, retransmission, dissemination or other use of, or taking any action in reliance upon this information by persons or entities other than the intended recipient(s) is prohibited. If you have received this e-mail in error please notify the sender immediately and destroy the material whether stored on a computer or otherwise. ---------------------------------------------------------------------- DISCLAIMER: Any views or opinions presented within this e-mail are solely those of the author and do not necessarily represent those of Corsaire Limited, unless otherwise specifically stated. ---------------------------------------------------------------------- Corsaire Limited, Head office: Unit 2 Grosvenor Court, Hipley Street, Old Woking, Surrey GU22 9LL. Telephone: +44 (0)1483-746700. Registered in England No. 3338312. Registered office: Communication House, Victoria Avenue, Camberley, Surrey GU15 3HX