From: albartell

Again, the argument seems to come back consistently to the fact that you
don't like Java.

You keep labeling me as a anti Java guy. I USE JAVA ALMOST EVERY DAY! By
using it everyday (in a different capacity than you) I have come to find
that it is not as good a choice for most things on the System i5 when you
are talking about a shop that is primarily RPG. Hopefully we can lay this
one to rest.

But that's what I say all the time, Aaron. Java stinks for business logic.
But it is simply unmatched in its ability to do static solution-set tasks:
things with well-defined rules that don't change, like, say, formatting
HTML. That sort of repetitive, hierarchical task is perfectly suited for
Java.


Simplest answer? DOS attacks. If your primary business machine has no
Internet connection, it cannot be affected by Denial of Service.

I am not a network guy so I may be speaking out of turn here, but can't
DOS
attacks and the like be handled by network appliances vs. needing a
dedicated server to host your UI layer?

While simple DOS attacks can indeed be handled by "flood filters", DDOS
(distributed denial of service) attacks are almost impossible to handle
programmatically via a network device.


I have never implemented a DOS
attack, but if I were to I would imagine I would figure out a path into an
application that emulated a users visit and repeat that many times over in
an automated fashion from many machines. In that case the front end on
your
other box is processing each request and communicating to the backend
server
the same as before, but now it is exponentially more traffic on both the
JSP server and the i5 - correct?

The concept behind DOS attacks is that they are unauthenticated attacks
designed specifically just to overrun your machine. If only authenticated
session actually make it from the DMZ to the production machine, then by
definition the DOS attacks stay in the DMZ. Now, if you allow anonymous
(unauthenticated) sessions to run business applications (as you might, for
example, with a store front), then you have a different design issue.

And note that even with a DMZ, a DDOS still screws your Internet
connectivity, but your production machine is not affected and you can still
access it via secured private networks and/or traditional terminal access.


Like I said, I am not a network guy but I
would have to imagine that even in your JSP server scenario you would
still
want a network appliance taking care of repetitious calls from the same IP
(or whatever the algorithm is for DOS attack detection).

That's the difference between DOS and DDOS. You might want to actually talk
to someone who does this sort of thing for a living; that's how I learned.
There are a lot of good articles out there. Here's an introductory one:

http://articles.techrepublic.com.com/5100-6350_11-5756029.html

Joe


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.