The place where stuff Happens

Three-Tier Architecture as a Security Mechanism while Programming


A three-tier architecture is a way of programming and designing applications and websites. It is highly flexible and very maintainable.

This will reduce the user's direct interaction with the sensitive data. A three-tier design splits the website into:

  • The data access layer, which has direct access to the database (data source).

  • The business/logic layer, which processes all the information, such as validation.

  • The presentation layer, which houses the interface the user interacts with.


This type of structure will properly handle major attacks such as SQL injection. In this type of attack, a malicious user writes SQL code into a form that may harm the data within your SQL server; it may even delete the entire database. Another way to reduce this vulnerability is to deny the database user in the data source layer permission to drop tables.


A three-tier structure offers plenty of authentication. Authentication limits what users can access and what they can modify, edit or delete.

Data Source Authentication

Authentication will be added to the site so that authorized personnel can access parts of the database depending on the roles assigned to them. The two main roles within the system are the administrator, who is granted full permission, and the registered user, who is limited in what he or she can do within the site.

Roles are retrieved through the data access layer and then used in the business logic layer, which contains all the validation of the user.


  • This will keep unwanted users from accessing sensitive data within the database.
  • Inserted data is less likely to be invalid because it is entered by administrators.

Business/Logic Authentication

All instructions sent from the presentation layer pass through validation and authentication within the methods of the business/logic layer. Users are limited to specific methods depending on the roles/permissions assigned to them.


  • This will greatly limit the user's direct access to data.
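The three layers described above, as an added sketch that is not code from the original post. It assumes Python with an in-memory sqlite3 database in place of ASP.NET and SQL Server; the class names, table names, role-to-method mapping and the 200-character limit are hypothetical.

```python
import sqlite3
# Data access layer: the only code that talks to the database.
class DataAccess:
    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, role TEXT)")
        self.db.execute("CREATE TABLE notes (owner TEXT, body TEXT)")
        self.db.executemany("INSERT INTO users VALUES (?, ?)",  # constructed sample users
                            [("alice", "administrator"), ("bob", "registered")])

    def role_of(self, name):
        row = self.db.execute("SELECT role FROM users WHERE name = ?", (name,)).fetchone()
        return row[0] if row else None

    def add_note(self, owner, body):
        # Bound parameters: form input is stored as data, never parsed as SQL.
        self.db.execute("INSERT INTO notes VALUES (?, ?)", (owner, body))

    def delete_notes(self, owner):
        return self.db.execute("DELETE FROM notes WHERE owner = ?", (owner,)).rowcount

# Business/logic layer: validation plus a role check in front of every method.
class Business:
    PERMISSIONS = {"administrator": {"add_note", "delete_notes"}, "registered": {"add_note"}}

    def __init__(self, dal):
        self.dal = dal

    def _authorize(self, user, action):
        if action not in self.PERMISSIONS.get(self.dal.role_of(user), set()):
            raise PermissionError(f"{user} may not {action}")

    def add_note(self, user, body):
        self._authorize(user, "add_note")
        if not isinstance(body, str) or not 1 <= len(body) <= 200:
            raise ValueError("note must be 1-200 characters")
        self.dal.add_note(user, body)

    def delete_notes(self, user, owner):
        self._authorize(user, "delete_notes")
        return self.dal.delete_notes(owner)

# Presentation layer: passes raw form input to the business layer, nothing else.
def submit_form(app, user, form_text):
    try:
        app.add_note(user, form_text)
        return "saved"
    except (PermissionError, ValueError) as exc:
        return f"rejected: {exc}"
```

The presentation function never builds SQL and never sees the connection, so SQL text typed into the form reaches the database only as a bound value, and a registered user cannot reach the delete method at all.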

Forms Authentication (Presentation layer)

Another type of authentication to be used in the site is Forms Authentication, which is available out of the box with ASP.NET. Forms Authentication uses cookies to track users; this allows users to enter certain parts of the site depending on the roles or permissions granted to them.


  • Available as standard with ASP.NET, and it is free.
  • Custom authentication depending on what is in the data source.




Authentication will reduce unwanted users' access to the data within the database. Hackers generally try to exploit this; bad authentication will render the system vulnerable, but with this level of authentication the system is very secure.




