Bad things happen when an ignorant person is given the power to approve something.
Matt Olson wrote:
You need to go through a PCI audit someday. You'll change your position very quickly :-)
From: Nathan Andelin [mailto:nandelin@xxxxxxxxx]
Sent: Tuesday, April 23, 2013 8:24 PM
To: Midrange Systems Technical Discussion
Subject: Re: SSL and public facing web site on the i
> Any web infrastructure guy would tell you to separate the database
> from your web server and place your web server in a DMZ ...
That's not always the best idea, nor the most secure. You end up with more systems to manage and more costs to cover.
> If any security auditor visits your place you will be slapped on the
> wrist if you do what you are attempting.
That's not necessarily the case. The ignorant ones may push for an extra server in a DMZ. The smarter ones know that there are other ways to thwart hacking. I understand that many organizations place Web servers in a DMZ, while others don't put anything in a DMZ. They may just use inexpensive routers to map from one network segment to another.
> Go buy a cheap Linux or Windows server and place it in the DMZ and
> have it access data on the i (if it requests database access).
I'm not totally against placing a Linux server in a DMZ. It could be used to perform reverse proxy, load balancing, DNS mapping, and SSL encryption services; just forwarding requests to an IBM i HTTP server.
My main point is that IBM i offers an exceptional environment for hosting web applications as well as database services. More shops should use it.