From: Mike Cunningham
He is dead set on the web app security model of having three pieces
of hardware in the mix, one server dedicated to the web server, one to
the applications server and one to the database server.
Conventional wisdom was that Microsoft runtime environments were more stable and scalable when workloads were simplified and separated between several hardware tiers.
Then someone who was seemingly pandering to Microsoft, came up with the notion that it would be more secure to host Web servers in a "demilitarization zone", which essentially means in a network address segment that was different from network segments hosting application and database servers.
The idea was that you would expose one IP address to the Internet, but not expose the IP segments used internally. It would be harder to hack multiple private network segments, with each using completely different IP address schemes. But if that's the case, one could define a DMZ with separate routers, instead of separate Web/Application/Database servers. So that a single Web/Application/Database server might be positioned behind any number of private network segments, using separate routers, and achieving the same effect - security wise.
Some folks mistakenly assume that I just pander to the IBM i CGI model, but that's not true. Like you, I follow the KISS principle. And although I use RPG for Web application development, I don't deploy any CGI applications.
I use the HTTP server for communication and static content only. My applications run in a separate subsystem. And with just a little effort, I could use IIS as a Web server, instead of the IBM i HTTP server.
But there's no need.
Nathan.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact
[javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.