It seems like life would be simple to run the database server on the same machine as the web server, but are we taking a big security risk by doing this?

The environment will be Windows 2008 server, Postgresql (latest version, possibly 9.0 when it comes out) and Apache 2.

CLJ

5 Answers

Not necessarily.

Assuming your web server gets compromised, the attacker will still gain the credentials to access the same databases, no matter what server they run on. After all, the database server will still need to be configured to allow legitimate requests from the web server.

(Assuming sensible security measures such as mysqld not accepting password-less root login from localhost.)

That being said, you might still want to run a separate database server, for reasons related to performance, scalability, etc.

andol
    I'd agree that a bigger problem would be the performance hit you get running both on the same machine. – ChrisF Jul 21 '10 at 20:17
I disagree with the posters stating that this isn't a security concern, and here's why:

  • Your front-facing service should have the smallest attack surface possible. This is the primary reason for using reverse proxies and firewalls, and for keeping unnecessary services and programs away from servers that don't require them to operate. This is why web servers are the most common targets for security hardening passes.
  • Your web server should not have god rights to your database system. Therefore, compromising the web server does not compromise the database server as well. For starters, the account the web server uses to access the database shouldn't have local administrative rights to the SQL box; its rights should be confined purely to database permissions. Second, within those SQL permissions it should be operating under the principle of least privilege. Your web box shouldn't be able to instantiate new databases within the instance, for example. Ideally, your web box won't have the ability to drop tables, or delete rows from any tables that it doesn't absolutely have to. So in the event of a compromise in a properly configured 2-tier setup, the impact of an attacker using the SQL credentials is limited in scope.
Chris Thorpe
    I don't think anyone's saying that a two-box solution isn't safer. However, the question was whether that risk was, to quote the question, "big". The answer is obviously going to depend on circumstances--I wouldn't run an Internet-facing banking site on a single machine, for example. But a properly-locked down Web server, once compromised, should have no more or less access to its database server than it did before being compromised, and that principle is independent of whether the solution is on two machines or one. If that's not true, it's time to re-architect the system. – BMDan Jul 30 '10 at 18:44
  • I'm not following your logic. If you compromise a web server and gain root to that machine, you've got everything that's on that machine. If that includes your entire database with all its data, then everything is compromised. But if you have 2 separate servers, then fully compromising the web server, to any degree, would only get you data-level access to the data that was accessible to the web server itself. – Chris Thorpe Aug 01 '10 at 08:30
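The restricted database account described in the answer above, worked through for the asker's PostgreSQL setup. This is an added example, not code from the answer or from any project: the database name webshop, the schema app, the role name webapp and the audit_log table are assumed. GRANT ... ON ALL TABLES IN SCHEMA and ALTER DEFAULT PRIVILEGES both first appeared in PostgreSQL 9.0, the version the question mentions, so the script needs 9.0 or later.

```sql
-- Added example: a least-privilege PostgreSQL role for the web application.
-- Assumed names (not from the original page): database "webshop", schema "app",
-- role "webapp". The application only needs to read, insert and update rows;
-- it never creates or drops objects, so it gets none of those rights.

-- 1. A plain login role: no SUPERUSER, no CREATEDB, no CREATEROLE.
--    The password is a placeholder; generate a real one.
CREATE ROLE webapp LOGIN PASSWORD 'replace-with-a-generated-secret'
    NOSUPERUSER NOCREATEDB NOCREATEROLE;

-- 2. Strip the defaults every role inherits through PUBLIC ...
REVOKE ALL ON DATABASE webshop FROM PUBLIC;
REVOKE ALL ON SCHEMA public FROM PUBLIC;

-- 3. ... then grant back exactly what the application needs.
GRANT CONNECT ON DATABASE webshop TO webapp;
GRANT USAGE ON SCHEMA app TO webapp;
GRANT SELECT, INSERT, UPDATE ON ALL TABLES IN SCHEMA app TO webapp;  -- no DELETE, no TRUNCATE
GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA app TO webapp;         -- needed for serial columns

-- 4. Tables the owner creates later in "app" get the same restricted grants,
--    so a new table does not silently widen the application's rights.
ALTER DEFAULT PRIVILEGES IN SCHEMA app GRANT SELECT, INSERT, UPDATE ON TABLES TO webapp;
ALTER DEFAULT PRIVILEGES IN SCHEMA app GRANT USAGE, SELECT ON SEQUENCES TO webapp;

-- 5. An append-only table (assumed name) gets INSERT alone: a compromised
--    web server can add audit rows but cannot read, alter or remove them.
REVOKE ALL ON app.audit_log FROM webapp;
GRANT INSERT ON app.audit_log TO webapp;

-- Check 1: the role must carry no instance-level attributes.
SELECT rolname, rolsuper, rolcreatedb, rolcreaterole, rolcanlogin
FROM pg_roles
WHERE rolname = 'webapp';

-- Check 2: the per-table privileges the role actually holds.
SELECT table_schema, table_name, privilege_type
FROM information_schema.role_table_grants
WHERE grantee = 'webapp'
ORDER BY table_schema, table_name, privilege_type;
```

Run the script as a superuser or as the owner of the app schema. In the first check, rolsuper, rolcreatedb and rolcreaterole should all be false and only rolcanlogin true; in the second, DELETE and TRUNCATE should not appear for any table, and audit_log should show INSERT only. Keep the owner role that creates and migrates tables separate from webapp, and give the web server only webapp's password.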
It would really depend on the security model of your Web and DB servers (that is, the software), as well as the degree of firewalling/access control/IDP you'd enforce on the two were they on separate servers.

All else being equal, it is probably the case that it's better to separate the two. Practically, however, at least in a LAMP environment, so long as you're using privsep Apache (if you aren't sure, don't worry, you are) and aren't using the root login to MySQL in your webapp, and you don't have tcp/3306 exposed to the outside world, you're not really gaining much security by moving one or the other onto a different piece of silicon. You do gain performance and debug-ability benefits, though.

Your question is in the style that appears to require an absolute answer, but without more information (at minimum, what OS and web/DB server flavors we're talking about), it's hard to even give an informative one.

BMDan
I don't see much additional security risk putting the database and web servers on the same hardware. If the web server is breached the data is accessible anyway. Security is not the typical reason for segregating tiers.

In either case you want to make sure that the database server is listening on non-standard ports, will only respond to requests from the web server, and that the firewall only allows http/s requests to the web server and no other ports or addresses.

Nonetheless, separating them is good practice: each server is easier to manage and configure, and you can deal with failures, problems, rebuilds, performance issues, etc. more easily moving forward. So, you might consider two virtual servers on the same hardware, which can then be separated when performance or capacity requires it.

tomjedrz
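The network side of the answer above, that the database "will only respond to requests from the web server", expressed as PostgreSQL configuration for both the single-box and the two-box layout. This is an added example, not configuration from the answer or from any project: the database name webshop, the role webapp and the addresses 10.0.0.5 and 10.0.0.10 are assumed. The md5 method is what PostgreSQL 9.0 offers for password login; on 10 and later, scram-sha-256 is the better choice.

```conf
# --- postgresql.conf (added example, not from the original page) ---------------
# Bind only to the loopback interface when web and DB share the machine. On a
# two-box setup, bind to the DB host's internal address instead (assumed
# 10.0.0.5), never to '*', so the service is not reachable on every interface.
listen_addresses = 'localhost'          # two-box: '10.0.0.5'
port = 5432                             # a non-standard port hides the service from casual
                                        # scans; it is pg_hba.conf below that actually
                                        # decides who may connect

# --- pg_hba.conf (added example) -----------------------------------------------
# Rules are read top to bottom and the first matching line wins, so the
# specific allows come first and the catch-all reject comes last.
# TYPE  DATABASE   USER      ADDRESS          METHOD
host    webshop    webapp    127.0.0.1/32     md5      # single box: app connects over loopback
host    webshop    webapp    10.0.0.10/32     md5      # two-box: the web server's address only (assumed)
host    all        postgres  127.0.0.1/32     md5      # admin access from the DB host itself
host    all        all       0.0.0.0/0        reject   # everything else is refused explicitly
```

Keep only the webapp line that matches the layout in use, and reload the server after editing (pg_ctl reload, or restarting the PostgreSQL service on Windows; listen_addresses and port need a full restart). On the two-box layout the host firewall on the database machine should additionally admit TCP 5432 from the web server's address alone, which is what the answer means by the firewall allowing only http/s to the web server and nothing else to anything else.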
I wouldn't - but that's me.

It depends on what's in front of your box (i.e. firewalls, load-balancers etc.) and how 'tight' they are, what the actual data is (i.e. no-impact publicly available data at one end, national secrets at the other), whether there's any performance impact on combining them, the strength of the network between them both (i.e. inter-tier firewalls) and the quality of OS/app hardening that will be applied.

If you're not expecting this system to have to deal with too much load, one thing you could consider would be to virtualise the system into two separate VMs, one per function, possibly with a third software-only firewall VM between them even. This would mean that even if someone cracked your web server they'd have to then crack the database server and, if included, an intermediary firewall VM. Of course this would reduce the overall system performance, but it would be at least to some degree more secure and could also help if your load ever grew to requiring a two-server design, as you could simply move one VM over to the second machine. VMware's free ESXi product could do this all pretty easily and there are already free firewall VMs prepackaged ready for implementation if you wanted.

Chopper3