From: John Jones
Placing a database in the DMZ is a direct violation of PCI DSS 1.3.7.


More specifically PCI DDS 1.3.7 states:

"Place system components that store cardholder data (such as a database) in an
internal network zone, segregated from the DMZ and other untrusted networks."

By definition, a DMZ is an untrusted network, so why place ANY server, including
a Web server, or an application server, let alone a database server in a DMZ?
Set up a network with multiple private network segments (zones), separated by
firewall routers and place your IBM i server in a secure network zone.

John, the problem I'm having with your posts is that they imply that if you open
up an HTTP service under IBM i, then it violates PCI and other best practices,
and may be less secure than front-ending an IBM i with a commodity web server
running in a separate network segment. I disagree with that, but if you feel so
strongly about it, I'd suggest that the commodity web server run Apache as a
reverse proxy and simply forward Web requests to an IBM i HTTP service.

-Nathan

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.