Abstract: By combining three-tier Client/Server application software security control system model, this paper puts forward a kind of security control system model of distributed application software based on extended Client/Server, adds application interface tier and data interface tier to original model, and screens fuzzy boundary between the tiers in the original model. This design makes every logical tier change alone, and helps to build model of architecture and to implement consistency of the system, further strengthens the retractility and flexibility of distributed application, then designs the frame of the security control system by using the model based on four-tier Client/Server. Finally, the security verification is implemented on Web by using extended Web server of the system.

Key words: extended Client/Server model, data interface tier, application interface tier, authentication, Web server, system architecture