Also remember that an "antivirus" is not always necesary and is never enough.

Matt Olson wrote:

Exactly. Don't be ignorant of security design best practices.

-----Original Message-----
From: Raul A. Jager W. [mailto:raul@xxxxxxxxxx] Sent: Wednesday, April 24, 2013 10:23 AM
To: Midrange Systems Technical Discussion
Subject: Re: SSL and public facing web site on the i

Bad tings happen when an ignorant is given the power to aprove something.

Matt Olson wrote:


You need to go through a PCI audit someday. You'll change your position very quickly :-)

-----Original Message-----
From: Nathan Andelin [mailto:nandelin@xxxxxxxxx]
Sent: Tuesday, April 23, 2013 8:24 PM
To: Midrange Systems Technical Discussion
Subject: Re: SSL and public facing web site on the i




Any web infrastructure guy would tell you to separate the database
from your web server and place your web server in a DMZ ...



That's not always the best idea, nor the most secure. You end up with more systems to manage and more costs to cover.




If any security auditor visits your place you will be slapped on the wrist if you do what you are attempting.


That's not necessarily the case. The ignorant ones may push for an extra server in a DMZ. The smarter ones know that there are other ways to thwart hacking. I understand that many organizations place Web servers in a DMZ, while others don't put anything in a DMZ. They may just use inexpensive routers to map from one network segment to another.




Go buy a cheap linux or windows server and place it in the DMZ and have it access data on the i (if it request database access).


I'm not totally against placing a linux server in a DMZ. It could be used to perform reverse proxy, load balancing, DNS mapping, and SSL encryption services; Just forwarding requests to an IBM i HTTP server.

My main point is that IBM i offers an exceptional environment for hosting web applications as well as database services. More shops should use it.

-Nathan.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.




--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.