Well the System i Developer web site (www.systemideveloper.com) is used to take conference registrations, including credit card payments. We also allow attendees to sign in and select the sessions they wish to attend, retrieve session details and handouts on a mobile device, etc. etc. All of this in addition to a bunch of functions to manage the event itself from building the grids to stats to building spreadsheets to ...
All of this is done with a mixture of PHP (most of the front-end) and RPG in the way of called programs and stored procedures. Heavy use of SQL. The front-end also uses jQuery to provide a more modern interface and deal with browser compatibility issues.
Credit card processing is via a gateway service with our parts of the interface written in PHP. If we were doing it over we would have used one of the IBM i literate services such as that offered by KrengelTech, JetPay, Curbstone and others - but we inherited this system from the days before it was hosted on IBM i and it was simpler just to stay with it.
Our biggest issue was that in order to get PCI compliance we had to shut down all of the ports except the HTTP/S ones. We now use a VPN for all intranet type functionality - since we are all scattered around the world and travel a lot that was a given - had it been possible to limit access simply via the external firewall life would have been much simpler. When I say "had" I don't mean that quite literally - but rather in terms of practicality. We could have worked each of the PCI issues in turn and eventually got a pass - but it was not worth the time, energy and cost given that we only run three or four events a year.
As far as your selections - if you have 5250 code that can potentially be adapted to the purpose then consider one of the Open Access tools such as those from Profound, loo, Asna, Rocket, etc. All of those can be used to build from scratch using your existing RPG knowledge. If you are building from scratch then I still believe that PHP is the easiest of the web oriented languages for an RPGer to learn. There are also many low-cost or free PHP tools that can assist in the building of a complete shopping cart system.
As to security - other than as noted earlier - security is the same no matter which tools you use. There are many resources out there that will suggest best practices for you. A lot of people like to use a separate partition to route internet traffic rather than put their "real" system on the net - for us that has not been an issue but I understand the rationale. Others will run a Linux partition or Linux on a separate box - I'll leave others to comment on the benefits of doing so.
On 2013-10-23, at 1:16 PM, "Graves, Chuck" <cgraves@xxxxxxxxxxxxxx> wrote:
I'm trying to put together (i.e. understand) what the best options (tools) are for providing external access to iSeries data via the internet and allow customer driven inquiry and on-line payment for invoices. I know there seem to be dozens of tools and options, and obviously security is an issue. So, please if you've "been there, done that" point me in the right direction.
Thanks in advance
Chuck Graves
Director of Information Systems
Rodda Paint Co.<http://www.roddapaint.com>
6107 N. Marine Drive
Portland, Oregon 97203
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list