What are the various security practices for a secure web-based application infrastructure? Is it really necessary to separate the web, app and DB servers?