I’m reading about architecture and found the following expression:
For instance, in a 2-tier Windows Forms or ASP.NET application, the machine running the interface code must have credentials to access the database server. Switching to a 3-tier model in which the data access code runs on an application server means that the machine running the interface code no longer needs those credentials, making the system potentially more secure. (Rockford Lhotka)
I cannot understand why I should use a 3-tier app.
In a three-tier application, the middle tier (the application server) controls all access to data, so it is possible to specify very fine and specific access control rules (in code), much more than the database itself offers. Whatever an end-user wants to do has to go through your code (in a two-tier application, the end-user “directly” talks to the database).
OTOH, if you stop using the database access protections, securing the data is now entirely up to your application and coding errors can create huge security holes.
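The access rules "in code" described in the answer above, as an added example that is not part of the original posts: a middle-tier service that alone holds the database handle and applies a row-level and a column-level rule. The `OrderService` class, the `orders` table, the role names and the sample rows are all constructed for illustration, and `caller`/`role` are assumed to come from a session the application server has already authenticated.

```python
import sqlite3


class AccessDenied(Exception):
    """Raised when the middle tier refuses a request."""


class OrderService:
    """Middle tier: the only component that holds a database handle."""

    def __init__(self):
        # In-memory SQLite stands in for the database server. In a 3-tier
        # deployment only the application server would hold its credentials.
        self._db = sqlite3.connect(":memory:")
        self._db.execute(
            "CREATE TABLE orders (id INTEGER PRIMARY KEY, owner TEXT, item TEXT, card TEXT)"
        )
        # Constructed sample rows.
        self._db.executemany(
            "INSERT INTO orders (owner, item, card) VALUES (?, ?, ?)",
            [("alice", "laptop", "4111111111111111"),
             ("bob", "phone", "5500000000000004")],
        )

    def list_orders(self, caller, role, owner):
        # Default deny: roles the code does not know get nothing.
        if role not in ("customer", "support"):
            raise AccessDenied(f"unknown role {role!r}")
        # Row-level rule: a customer may read only their own orders.
        if role == "customer" and caller != owner:
            raise AccessDenied(f"{caller} may not read orders of {owner}")
        # Parameterized query: this tier is now the only gatekeeper, so a
        # string-concatenated query here would be exactly the kind of coding
        # error that opens a hole.
        rows = self._db.execute(
            "SELECT id, item, card FROM orders WHERE owner = ?", (owner,)
        ).fetchall()
        # Column-level rule: support staff see only the last four card digits.
        return [
            {"id": oid, "item": item,
             "card": card if role == "customer" else "*" * 12 + card[-4:]}
            for oid, item, card in rows
        ]


if __name__ == "__main__":
    svc = OrderService()
    print(svc.list_orders("alice", "customer", "alice"))
    print(svc.list_orders("carol", "support", "bob"))
```

The interface tier only ever calls `list_orders`; it never sees a connection string, which is the point of the quoted passage.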