At our company we are considering X-Cart for our new website.
We are a continuing education provider with a very wide customer base. As an organization we have the guideline of securing our customer list as much as possible.
We feel that web servers are the most vulnerable piece of software. If an attacker got control of one, they could in turn look for database client software libraries. If they are found, they could initiate an attack on the database.
Our approach has been for some time not to have any database libraries installed in our DMZ; instead, the web server sends requests to a middle tier in our network. That middle tier in turn connects to the database and makes the necessary updates and queries. So the database library is installed only on the server where the middle tier resides.
Here are some references to this approach:
"partitioned application" pattern in
Paragraph "Application partitioning is a well studied ..." in
My question is whether this kind of architecture is possible with X-Cart, and if it is not, what security approach is taken at the architecture level and what its rationale is.
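To make the architecture in the question concrete, here is an added example (not code from X-Cart or from the poster) of the two tiers: a middle tier that is the only process holding a database driver and exposes a fixed allowlist of named operations over HTTP, and a web-tier client that calls it without importing any database library. The hostnames, operation names, table schema and sample rows are all constructed for the example; in a real deployment the two halves would run on separate hosts with the DMZ firewall permitting only the web server to reach the middle tier's port.

```python
"""Added example: a middle tier that owns the database connection and exposes
only a fixed menu of operations, plus a web-tier client that speaks HTTP to it.
Schema, rows, operation names and addresses are constructed for this example."""
import json
import sqlite3
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib import error, request

# ---- middle tier: runs on the inside network, the only host with a DB driver ----

# Allowlist of operations the web tier may request. Each entry fixes the SQL and
# the exact parameter names, so a compromised web server can neither send its own
# SQL nor widen a query to columns (such as ssn) that the operation does not expose.
OPERATIONS = {
    "lookup_customer": (
        "SELECT id, name, email FROM customers WHERE id = :id",
        {"id"},
    ),
    "record_enrollment": (
        "INSERT INTO enrollments (customer_id, course_id) VALUES (:customer_id, :course_id)",
        {"customer_id", "course_id"},
    ),
}


def run_operation(conn, op, params):
    """Execute one allowlisted operation with parameterized SQL; refuse anything else."""
    if op not in OPERATIONS:
        raise ValueError(f"unknown operation: {op!r}")
    sql, allowed = OPERATIONS[op]
    if not isinstance(params, dict) or set(params) != allowed:
        raise ValueError(f"bad parameters for {op!r}")
    cur = conn.execute(sql, params)
    rows = []
    if cur.description:  # SELECT: return rows as dicts; writes return nothing
        names = [c[0] for c in cur.description]
        rows = [dict(zip(names, r)) for r in cur.fetchall()]
    conn.commit()
    return rows


class MiddleTierHandler(BaseHTTPRequestHandler):
    conn = None  # bound per server by start_middle_tier()

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        try:
            body = json.loads(self.rfile.read(length))
            if not isinstance(body, dict):
                raise ValueError("request body must be a JSON object")
            rows = run_operation(self.conn, body.get("op"), body.get("params", {}))
            status, payload = 200, {"ok": True, "rows": rows}
        except (ValueError, TypeError, sqlite3.Error) as exc:
            status, payload = 400, {"ok": False, "error": str(exc)}
        data = json.dumps(payload).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_middle_tier(db_path=":memory:"):
    """Start the middle tier on an ephemeral localhost port; returns (server, base_url)."""
    conn = sqlite3.connect(db_path, check_same_thread=False)
    conn.executescript("""
        CREATE TABLE IF NOT EXISTS customers (id INTEGER PRIMARY KEY, name TEXT, email TEXT, ssn TEXT);
        CREATE TABLE IF NOT EXISTS enrollments (customer_id INTEGER, course_id TEXT);
        INSERT OR IGNORE INTO customers VALUES (1, 'Ada Lovelace', 'ada@example.com', '000-00-0001');
    """)  # constructed sample data
    handler = type("BoundHandler", (MiddleTierHandler,), {"conn": conn})
    server = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_port}"


# ---- web tier: what the DMZ web server does; note there is no sqlite3 import needed here ----

def web_tier_call(base_url, op, params):
    """Ask the middle tier to perform a named operation; returns the decoded JSON reply."""
    req = request.Request(
        base_url + "/op",
        data=json.dumps({"op": op, "params": params}).encode(),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    try:
        with request.urlopen(req) as resp:
            return json.loads(resp.read())
    except error.HTTPError as exc:  # 400 from the middle tier still carries a JSON body
        return json.loads(exc.read())


if __name__ == "__main__":
    server, url = start_middle_tier()
    print(web_tier_call(url, "lookup_customer", {"id": 1}))
    print(web_tier_call(url, "lookup_customer", {"id": 1, "ssn": 1}))  # refused: extra parameter
    print(web_tier_call(url, "dump_customers", {}))                   # refused: not allowlisted
    server.shutdown()
```

The point the example makes is that the web tier's reachable surface is the allowlist, not the database: the sensitive `ssn` column exists in the table but no operation can return it, and an unknown operation or an unexpected parameter is rejected before any SQL runs.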