MIDRANGE dot COM Mailing List Archive



Home » MIDRANGE-L » September 2001

RE: Curious about Web deployment



fixed

IIS too is limited by the HTTP protocol. I agree that it is important to
place a firewall in front of the servers, but that recommendation exists
regardless of the back end web server. A PROPERLY configured and maintained
IIS box is rather secure.

Cindi, I'd ask what is wrong with the current scenario? Are there specific
problems that need to be addressed? As far as enabling the 2E code, Release
7 of 2E (now a CA product) allows you to extract business logic from the
display functions and make external functions from them. These external
functions can then be called from the web server or application server as
needed. It works rather well and is a far cry from "rewriting" the
application.

-Walden
------------
Walden H Leverich III
President
Tech Software
(516)627-3800 x11
WaldenL@TechSoftInc.com
http://www.TechSoftInc.com


PS. Nathan, I'm glad that you and Joe have both had the opportunity to plug
your respective products in response to this question.

-----Original Message-----
From: Nathan M. Andelin [mailto:nandelin@relational-data.com]
Sent: Monday, September 24, 2001 4:27 PM
To: midrange-l@midrange.com
Subject: Re: Curious about Web deployment


Hi Cyndi,

It sounds like your NT boxes, Active Server Pages, and socket programs
provide a security layer between the Internet, and your AS/400.  In a sense,
your AS/400 is still connected to the Internet, but your home-grown
"gateway" controls access to it.  You've created your own firewall.

If a good hacker were to break into one of your NT servers, would it be
possible to then use ODBC, or Telnet, or FTP to bypass the socket programs
you've put in place?  If so, then most commercial firewalls (the black box
type) provide more restrictions than what you currently have.

You may actually get better security by enabling the OS/400 HTTP Server, and
using a commercial firewall to filter access to it.  Your NT servers may be
the weakest links in the chain.  Even providing a staging area for future
unauthorized access to your AS/400.

I'd bet that the OS/400 HTTP Server, combined with a commercial firewall,
provides better security than most network configurations that involve NT
servers.  Especially if any of the NT servers are connected to both the
Internet, and to the AS/400 via TCP/IP.

The OS/400 HTTP Server is constrained by a limited protocol (HTTP), by
limited functionality (basic HTTP functions), by running under a user
profile that has limited access to OS/400 resources, and by OS/400 object
level authorities.

So I use IBM's HTTP Server.  But I supplement it with my own message server,
which has it's own protocol, and provides another layer of security.  The
message server enables RPG applications to process Web requests and
dynamically generate HTML responses.  The name of this product is
Relational-Web.  I'm the author of it.  And you can find more information
about it at my Web site.

Nathan M. Andelin
www.relational-data.com


----- Original Message -----
From: "Cyndi Bradberry" <CyndiB@IHFA.ORG>
To: "'MIDRANGE-L@midrange. Com' (E-mail)" <MIDRANGE-L@midrange.com>
Sent: Monday, September 24, 2001 10:37 AM
Subject: Curious about Web deployment


> I'm curious. Currently we have 3 internet sites and 1 intranet site in
place
> all being served from NT boxes with the AS/400 as the backend database.
All
> communication is done via socket programs on the 400 and ASP (VBScript) on
> the NT box.
>
> What other methods are there to serve data without placing the AS/400 onto
> the internet ?  It is preferred that we not use HTTP server on the AS/400.
> We have a project now to convert an existing application structure (413
> programs) originally developed in SYNON converted to RPGLE (OPM model) to
a
> GUI / Web application.  This will be delivered to 40 + users over a
> statewide WAN.
>
> AS/400 is a 730 at V4R4, current on Cume's.
>
> Cyndi B.
> Boise, ID


_______________________________________________
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@midrange.com
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l
or email: MIDRANGE-L-request@midrange.com
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.






Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2014 by MIDRANGE dot COM and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact