|
I was just wondering how safe this is or hack-resistant because we have
windows backers saying that it is not and arguing that everything should be written in .net using ODBC. Wow. All I can say is Wow. Sounds like those Windows backers found the Microsoft Kool-aid in the break room drink dispenser. Don't they read their security threat emails!? I would start by teaching them how security is actually implemented on the iSeries so they have a better understanding of the vulnerabilities. Of course I shouldn't talk as I drink iSeries Kool-aid, but mine is organic;-) Aaron Bartell -----Original Message----- From: web400-bounces@xxxxxxxxxxxx [mailto:web400-bounces@xxxxxxxxxxxx] On Behalf Of Kevin Touchette Sent: Monday, January 29, 2007 1:04 PM To: Web Enabling the AS400 / iSeries Subject: Re: [WEB400] System i web accessibiltiy setup Nathan, I was vague in my post, the tcp/ip address is assigned to an external router and the router directs only port 80 traffic to one of the tcp/ip cards and we monitor for only that traffic on the system i. We also do some netword translation so the external address is routed to an internal one. I was just wondering how safe this is or hack-resistant because we have windows backers saying that it is not and arguing that everything should be written in .net using ODBC. I'm trying to build my case. Currently we have a lot of RPG web applications running on these systems. Kevin Touchette -----Original Message----- From: web400-bounces@xxxxxxxxxxxx [mailto:web400-bounces@xxxxxxxxxxxx] On Behalf Of Nathan Andelin Sent: Monday, January 29, 2007 12:04 PM To: Web Enabling the AS400 / iSeries Subject: Re: [WEB400] System i web accessibiltiy setup
From: Kevin Touchette <KTouchette@xxxxxxxxxxxx> We are faced with putting our system I boxes on the web...
Not to be pedantic, but allowing packets to be routed between an internal router / firewall to the System i is not precisely putting the System i "on the Web", so to speak. The public IP address should be assigned to a router / firewall, not to the System i. Nobody should be accessing the System i directly from the Internet. Network security should be handled by network devices, such as routers and firewalls, while application security should be handled by System i applications, such as the Apache based HTTP server, and other applications. It makes more sense to use network devices to handle network security, rather than say inserting a Windows server in the topology, simply because Windows is less secure, and adds complexity, but anyone advocating that Web applications run under Windows won't go along with that. Proponents of Windows based Web applications sometimes try to make an issue over allowing System i applications to manage application-level authentication and authorization, but it simply doesn't make sense. They may site consultants reports specifying a "secure topology", using distributed application servers, but overall, it doesn't make sense from a security perspective, no matter how many respected organizations are promoting it. They're promoting it because they're promoting distributed architectures, under the guise of network security, but it doesn't make sense. Nathan M. Andelin ________________________________________________________________________ ____________ Want to start your own business? Learn how on Yahoo! Small Business. http://smallbusiness.yahoo.com/r-index -- This is the Web Enabling the AS400 / iSeries (WEB400) mailing list To post a message email: WEB400@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/mailman/listinfo/web400 or email: WEB400-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/web400. This email has been scanned by Washington Corporations IT Services using Message Labs Spam Filtering Technology. If this e-mail is SPAM that you no longer want to receive, please forward this e-mail to spamadmin@xxxxxxxxxxxx . If you are experiencing any other e-mail problems, please call the IT Service Center at 406-523-1620.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.