Protecting Sensitive Application Logic
When it comes to handling application logic, FileUp Enterprise
Edition (FileUpEE) supports two basic coding paradigms.
For ease of use and to work within the familiar Windows 2-tier
framework, application logic can be put on the Web server layer.
The file server will save any uploaded files and download any
requested files automatically, as programmed on the Web server.
But for maximum security and simpler administration, most
programming logic should be put on the file server. Under this
paradigm, the Web server layer simply indicates where the request
is to be sent and forwards it on to the file server. FileUpEE
serializes the entire HTTP request from the client, so all
HTML form elements are available on the file server layer.
Without FileUpEE, What's Accessible to Hackers?
- Database Connection Strings
- UNC Paths
- Mapped Drive Information
- User Names and Passwords
This ability to put programming logic on the file server instead
of on the Web server is an important security feature of FileUpEE’s
3-tier file transfer technology. It essentially hides all of
your sensitive data on the file server layer. Most information
security experts assert that the only way to keep information
secure is to keep data out of Web server scripts.
In a typical Microsoft 2-tier Web architecture, this approach
would cripple your Web application because you would be prevented
from doing any serious work with a database, the file system,
or your internal network. However, FileUpEE's 3-tier architecture
allows your Web application to maintain rich interaction with
other resources, while not exposing sensitive information on
the Web server layer. Because FileUpEE forwards all HTML form
elements to the file server, all application logic and sensitive
data can be removed from the insecure Web server layer and
hidden at the file server layer.