× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. WEB400
  3. January 2007

Re: System i web accessibiltiy setup

From: Kevin Touchette <KTouchette@xxxxxxxxxxxx>
We are faced with putting our system I boxes on the web...



Not to be pedantic, but allowing packets to be routed between an internal 
router / firewall to the System i is not precisely putting the System i "on the 
Web", so to speak.  The public IP address should be assigned to a router / 
firewall, not to the System i.

Nobody should be accessing the System i directly from the Internet.  Network 
security should be handled by network devices, such as routers and firewalls, 
while application security should be handled by System i applications, such as 
the Apache based HTTP server, and other applications.

It makes more sense to use network devices to handle network security, rather 
than say inserting a Windows server in the topology, simply because Windows is 
less secure, and adds complexity, but anyone advocating that Web applications 
run under Windows won't go along with that.

Proponents of Windows based Web applications sometimes try to make an issue 
over allowing System i applications to manage application-level authentication 
and authorization, but it simply doesn't make sense.  
They may site consultants reports specifying a "secure topology", using 
distributed application servers, but overall, it doesn't make sense from a 
security perspective, no matter how many respected organizations are promoting 
it.  They're promoting it because they're promoting distributed architectures, 
under the guise of network security, but it doesn't make sense.


Nathan M. Andelin





 
____________________________________________________________________________________
Want to start your own business?
Learn how on Yahoo! Small Business.
http://smallbusiness.yahoo.com/r-index

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.