LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

Describe the three-tier architecture of a web application and the security implications of each tier.

Frontend (untrusted, runs on the user's device) → Backend (the real security boundary) → Database (isolated, no direct external access).

Three tiers stacked: untrusted frontend, backend as the primary security boundary, isolated database reachable only internally.

* The trust drops as you move outward: only the backend can be trusted to enforce security, so it guards the isolated database. *

Frontend → Backend → Database, each with different trust levels:

Tier Runs On Security Implication
Frontend (Client) User's browser/device Cannot be trusted — users can modify JS, forge requests, bypass client-side validation
Backend (Application) Your servers Primary security boundary — must validate all input, enforce authorization, protect against injection
Persistence (Data) Database servers Must be isolated — no direct external access, encryption at rest, strict access controls

Key rule: Each tier should only communicate with adjacent tiers — the frontend should never directly access the database.

Go deeper:

From Quiz: SPRG / Secure Architecture & Design | Updated: Jul 14, 2026