IIS too is limited by the HTTP protocol. I agree that it is important to place a firewall in front of the servers, but that recommendation exists regardless of the back end web server. A PROPERLY configured and maintained IIS box is rather secure. Cindi, I'd ask what is wrong with the current scenario? Are there specific problems that need to be addressed? As far as enabling the 2E code, Release 7 of 2E (now a CA product) allows you to extract business logic from the display functions and make external functions from them. These external functions can then be called from the web server or application server as needed. It works rather well and is a far cry from "rewriting" the application. -Walden ------------ Walden H Leverich III President Tech Software (516)627-3800 x11 WaldenL@TechSoftInc.com http://www.TechSoftInc.com PS. Nathan, I'm glad that you and Joe have both had the opportunity to plug your respective products in response to this question. -----Original Message----- From: Nathan M. Andelin [mailto:firstname.lastname@example.org] Sent: Monday, September 24, 2001 4:27 PM To: email@example.com Subject: Re: Curious about Web deployment Hi Cyndi, It sounds like your NT boxes, Active Server Pages, and socket programs provide a security layer between the Internet, and your AS/400. In a sense, your AS/400 is still connected to the Internet, but your home-grown "gateway" controls access to it. You've created your own firewall. If a good hacker were to break into one of your NT servers, would it be possible to then use ODBC, or Telnet, or FTP to bypass the socket programs you've put in place? If so, then most commercial firewalls (the black box type) provide more restrictions than what you currently have. You may actually get better security by enabling the OS/400 HTTP Server, and using a commercial firewall to filter access to it. Your NT servers may be the weakest links in the chain. Even providing a staging area for future unauthorized access to your AS/400. I'd bet that the OS/400 HTTP Server, combined with a commercial firewall, provides better security than most network configurations that involve NT servers. Especially if any of the NT servers are connected to both the Internet, and to the AS/400 via TCP/IP. The OS/400 HTTP Server is constrained by a limited protocol (HTTP), by limited functionality (basic HTTP functions), by running under a user profile that has limited access to OS/400 resources, and by OS/400 object level authorities. So I use IBM's HTTP Server. But I supplement it with my own message server, which has it's own protocol, and provides another layer of security. The message server enables RPG applications to process Web requests and dynamically generate HTML responses. The name of this product is Relational-Web. I'm the author of it. And you can find more information about it at my Web site. Nathan M. Andelin www.relational-data.com ----- Original Message ----- From: "Cyndi Bradberry" <CyndiB@IHFA.ORG> To: "'MIDRANGE-L@midrange. Com' (E-mail)" <MIDRANGE-L@midrange.com> Sent: Monday, September 24, 2001 10:37 AM Subject: Curious about Web deployment > I'm curious. Currently we have 3 internet sites and 1 intranet site in place > all being served from NT boxes with the AS/400 as the backend database. All > communication is done via socket programs on the 400 and ASP (VBScript) on > the NT box. > > What other methods are there to serve data without placing the AS/400 onto > the internet ? It is preferred that we not use HTTP server on the AS/400. > We have a project now to convert an existing application structure (413 > programs) originally developed in SYNON converted to RPGLE (OPM model) to a > GUI / Web application. This will be delivered to 40 + users over a > statewide WAN. > > AS/400 is a 730 at V4R4, current on Cume's. > > Cyndi B. > Boise, ID _______________________________________________ This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@midrange.com To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l or email: MIDRANGE-Lfirstname.lastname@example.org Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.
This mailing list archive is Copyright 1997-2014 by MIDRANGE dot COM and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact