>I think this point number 2 is pretty important. If at all possible, keep
> the webapp separate from the database, and keep the database
> server on a fairly restrictive firewall. This means that someone has
> got to get in to the webapp, then hop to the database server, it just
> adds another layer of mis-direction for any would-be evil doers.
Which are the authentication methods "recommended" in this
scenario? It sounds to me that no matter the auth mechanism,
if a user can connect to the webapp server with the user that runs
the webapp there's no way of avoiding the connection to the db
(since the user will then be free to see/do whatever the webapp was
seeing/doing).