× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



Rather than sending a link that is a full path to a file in the file system and having Apache serve the file, it is far better to pass a link to an executable with an ID in the search part of the link that returns the file as a mime object with inline content. The result to the browser is the same, but using a program prevents the very issue you reference. Using a program, the file never need reside in the file system at all; it can be generated entirely in memory by the called program and streamed to the http port.

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-
bounces@xxxxxxxxxxxx] On Behalf Of Charles Wilt
Sent: Monday, January 20, 2014 3:15 PM
To: Midrange Systems Technical Discussion
Subject: Re: Web-to-i Communications questions

Brad,

If you sent a link to the PDF's doesn't that mean that whatever folder the
PDFs are stored in has to be accessable to the web site? That being the
case, couldn't a authorised user play with the URL and pull up somebody
else's PDF?

I suppose if you stored the PDFs in a structure that included subfolders
for every customer, you could lock down that sub folder to the individual
customer...

Charles


On Mon, Jan 20, 2014 at 3:25 PM, Bradley Stone <bvstone@xxxxxxxxx>
wrote:

I would get all the specs first then. If it's all internal in your LAN, it
shouldn't be an issue.

If it's external you can still use SSL (and authentication if you want more
security). Yes, you would need to map an external IP to your internal
machine. Just like you would with any server.

You can set up the server on the i to run on it's own internal IP with it's
own server instance and config file and own ports and authority. If set up
right, any old hacker shouldn't be able to access anything except that
which you give authority to.

Don't think of the i as anything different than any other server (except
it's better! haha).

To answer your question easily and honestly, yes, it can be done. Yes, you
will hear worst case scenario security issues what ifs (that apply to ANY
server you have running, even PCs). If it's that big of a problem, ask
about the possibility to get a separate machine or partition to run this
stuff on (although I don't see a big reason for that.. then you get into
data replication issues which can be bigger headaches.)...

For the PDFs, sending a link to them isn't a big deal, especially if it's
over SSL. You would probably want to protect the PDFs with passwords as
well as access to them should use authentication (homegrown or standard
Apache) as well as SSL.

I'd worry more about the PDF once it's open on the client's machine then
just passing a URL for it. :) Digital copies are too easy to make.

If you know what you're doing, it can be secure. If you wing it, you open
yourself up. I've been doing this for years and ran into many scenarios.
Worst case are just that. And they apply to everything. Do it right and
it works great. :)

Brad
www.bvstools.com




On Mon, Jan 20, 2014 at 12:37 PM, Koester, Michael
<mkoester@xxxxxxxxxxxxx>wrote:

It is not yet known if the web server will be inside our firewall, (my
guess is it may not be), and bank routing and account numbers seem
sensitive to me. And I don't think the business would like their
customers' phone bill images to be available to any old hacker.
Can a web service be set up to be private? How?
-- Michael

From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-
bounces@xxxxxxxxxxxx] On Behalf Of James H. H. Lampert
Sent: Monday, January 20, 2014 1:25 PM
To: Midrange Systems Technical Discussion
Subject: Re: Web-to-i Communications questions

On 1/20/14 10:07 AM, Koester, Michael wrote:
Is there something I should know about how to "actively keep it
private"?
It would not be intentionally published.

Well, the whole issue I was raising (and my apologies if it was already
dealt with earlier in the thread) was whether it would be accessible
from outside your firewall, and under what circumstances, and how
sensitive the information is.

--
JHHL

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.




As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.