× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. August 2003

RE: iSeries vs. Unix vs. SQL Server vs. Oracle & Security/Data separation???

We use W2K for web serving with a socket connection to our AS400 to process
request for data.  The W2K server does the HTML and SSL stuff, formats
request and calls a program passing the request.  The program connects to
the AS400, sends the request, receives the response returning it to the ASP
script.  We opened the one port from the DMZ to the internal LAN from the
web severs to the AS400's only.  The listening socket server on the AS400
looks at the first few bytes of the request, request identifier, and spawns
off the correct program to handle the request.  The spawned off job is a PJ
waiting for action.  Very FAST and not a whole lot of CPU on the AS400 side.
I think it is very secure.  You would have to know what the PC program is
and how to format the request to hack into the AS400.  If you try a buffer
attack on the AS400, well the server program is designed to shut down and
re-submit itself via *PSSR.  So any untapped error, dumps, ends, re-starts
the server thus dropping the connection.

Chris Bipes

-----Original Message-----
From: McIntyre Don

I understand the concept and reasoning behind this.

This practice moots the 1 iSeries Server argument. 
'Now I HAVE to have more than one Server to provide
proper security'.  And it doesn't matter if the
deployment server is iSeries (according to the
'Experts')
  
Now what I believe and reality may not be the same in
this case, but here goes...IBM touts the iSeries as
the most secure or securable server on the Market. 
The concept of DMZ, Data separation is a necessity
when using PC Servers, and that this concept and
practice is widely used by PC administrators in order
to secure their vulnerable PC platforms.  They have no
other way.  They don't have an Object based system or
built in security, as the iSeries.

The problem is that if I go to 1 Server as most
respondents in this lists suggest, then I'm going
against the IBM recommendation and I do so at my own
security risk.

I know that nothing is 100% secure, but instead of the
separation, I would like to be advised on how to make
my System secure using one server, as everyone here is
advocating.  And I would also like for IBM to
recognize 1 Server as being a viable option.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.