WebApp Sec mailing list archives

web application, data classification and database security


From: test.future () gmail com
Date: 26 Sep 2006 08:11:08 -0000

Dear all,

In our organization, after several years of integration effort, our database is now integrated onto one physical box. The
web applications which require database access are all intranet with login. However, things change. Now we are
developing internet web apps which also need database access; some require login, some do not. We are also developing
intranet no-login apps with database access. The DBA is very much concerned with the security of the database. Should
we segregate internet and intranet application infrastructure? That means one set of web server, app server and
database server for internet apps, and another set for intranet apps. Or should we classify the apps based on whether they
need login? Or by data criticality classification? What are the industry best practices? Thanks for any advice.


