The second NIC might work too. Our security is... um... lacking for sure
except in certain areas like payroll.

--
Mike Wills
http://mikewills.me


On Wed, May 25, 2011 at 12:47 PM, Charles Wilt <charles.wilt@xxxxxxxxx>wrote:

Depends...

First off, you're probably better off with a 2nd interface on the i
used to connect to the web server in the DMZ...

Secondly, you'd be better off with some sort of layer between the data
and the web server...it could be a web service layer or a stored
procedure layer. The web service layer is probably easier to secure
unless you've already got *PUBLIC *EXCLUDE set on all your objects (or
at least data). This is recommended in any event.

Charles


On Wed, May 25, 2011 at 12:41 PM, Mike Wills <mike@xxxxxxxxxxxx> wrote:
This is why the questions now. The more I think about replication, the
more
I hate the idea of getting the data back and forth with no problems. More
so, what kind of problems might there be by punching that hole in the
firewall. Is that just enough for a hacker to get into other stuff? I
guess
simply having that physical connection to the internal network could
allow a
break in if there are problems with the firewall. My thought is only
allowing traffic to HTTP or HTTPS to the i. We can then easily get data
back
and forth.

--
Mike Wills
http://mikewills.me


On Wed, May 25, 2011 at 11:33 AM, Charles Wilt <charles.wilt@xxxxxxxxx
wrote:

However, I'm not a fan of replication....

Ideally you could have a library with stored procedures (or views)
accessible to the app and make sure that only those objects are
accessible to the app.
--
This is the Web Enabling the AS400 / iSeries (WEB400) mailing list
To post a message email: WEB400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/web400.


--
This is the Web Enabling the AS400 / iSeries (WEB400) mailing list
To post a message email: WEB400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/web400.



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.