functions described here, where each individual server may carry multiple functions
rather than a single function. The application server may coexist with the web server,
for instance. The implementation will be dependent on the needs of the application.
Application servers also take in HTTP and will generate HTML to be sent back out.
There may also be communication using XML between the client and the application
server. XML is a way of bundling up data to either be sent to the application server or
for data to be presented to the application. The application server will commonly be
language dependent. It may be based in Java, .NET (C# or Visual Basic), or even
scripting languages like Go, Ruby, or Python. In addition to the programming
language used to perform the business functions and generate the presentation code, the
application server would also need to speak whatever language the data is stored in
(SQL, XML, etc.).
The application server implements the business logic, which means it handles the
critical functioning of the application, determining what to present to the user. These
decisions are commonly based on information provided by the user or stored on
behalf of the user. The data may be stored locally or, perhaps more commonly,
using some sort of backend storage mechanism like a database server. The application
server would be responsible for maintaining any state information since HTTP is a
stateless protocol, meaning every request from a client is made in isolation without
other mechanisms helping out.
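The state handling described above, as an added example that is not from the original text: a server-side session store in Python where an unguessable ID carried in a cookie is the only thing linking otherwise isolated requests. The cookie name sid, the 900-second idle timeout, and the names SessionStore and handle_request are assumptions made for this sketch.

```python
import secrets
import time
from http.cookies import SimpleCookie

SESSION_TTL = 900  # seconds; assumed idle timeout for this sketch


class SessionStore:
    """Server-side state keyed by an unguessable ID the client echoes back."""

    def __init__(self, now=time.time):
        self._sessions = {}
        self._now = now

    def create(self, user):
        sid = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[sid] = {"user": user, "cart": [], "seen": self._now()}
        return sid

    def lookup(self, cookie_header):
        """Return the session named by a raw Cookie header, or None."""
        cookie = SimpleCookie()
        cookie.load(cookie_header or "")
        morsel = cookie.get("sid")
        session = self._sessions.get(morsel.value) if morsel is not None else None
        if session is None:
            return None  # no cookie, or an ID this server never issued
        if self._now() - session["seen"] > SESSION_TTL:
            del self._sessions[morsel.value]  # idle too long: drop the state
            return None
        session["seen"] = self._now()
        return session


def handle_request(store, headers, item=None):
    """Each call models one isolated HTTP request; only the cookie links them."""
    session = store.lookup(headers.get("Cookie"))
    if session is None:
        return "401 no session"
    if item:
        session["cart"].append(item)
    return f"200 {session['user']} cart={session['cart']}"


if __name__ == "__main__":
    store = SessionStore()
    sid = store.create("alice")  # would be sent as Set-Cookie after login
    print(handle_request(store, {"Cookie": f"sid={sid}"}, "widget"))
    print(handle_request(store, {}))  # same client, cookie omitted
```

Because the state lives on the server and the client holds only the identifier, whoever presents a valid identifier is treated as that user, which is why the ID comes from a cryptographic random source and expires when idle.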
An application server will commonly have the application in a prebuilt state rather
than in source code form. This would be different, of course, if the application server
were based on a scripting language. While those languages may be compiled, they are
often left in their text-based form. If an application server were to be compromised,
the functionality of the server could be manipulated if the source code were in place.
Worse than that, however, the application server is the gateway to sensitive
information. This would be entirely dependent on the application, but the application server
would be responsible for retrieving and manipulating any data for the application.
The application then needs to be able to get access to the data, wherever it’s stored.
This means it knows where files may be or it would need credentials to any database
server that is used. Those credentials could be grabbed and used to gain direct access
to the data if the application server were to be compromised.
Database Server
The database server is where the crown jewels are stored. This, again, is entirely
dependent on the application. The crown jewels may be inventory for a business,
where a user could determine whether a business sells a particular product, or they
may be credit card information or user credentials. It would depend entirely on the
purpose of the application and what the business determined was important to be
stored.
This is persistent storage, though a server that sat in the middle of the infor‐