i5/OS has a built-in packet filter firewall -- you configure this with Ops. Navigator. It is quite effective. You should ensure that only the required ports are open to the outside world. You can also restrict connections to a limited number of IP addresses.

To be absolutely certain about your security, you should install additional security based on exit programs. There are several of these on the marketplace; indeed, we market Fortress/400 ourselves. Check the internet for OS/400 exit program security.

Now you need to secure your web pages. There are several ways of achieving this. The obvious involves digital certificates, but I guess the most important bit is that all users have logged on to the system. With web applications, users do not need to have an i5/OS user profile; instead, "virtual" user profiles can be implemented using a file containing the userID/password combination. When you know who has logged on to the system, you can then display pages appropriate for that user.

Each web conversation should have a "session". In the session you can store information related to the conversation in question, including whether or not the user is logged on. You create your own log on display.

Creating the control software just to handle user security, determine who is authorised to which feature, etc. is time consuming. I use IceBreak (see www.icebreak.org) which simplifies this process considerably, primarily because of the built-in session management, web exit program security (different to that mentioned above), and built-in SQL features. This saves a lot of time and effort, and significantly reduces development costs.

I use RPGLE on the i5 with JavaScript (ExtJs -- see www.extjs.com) on the client. I have software that will do most of what you require. It is a work in progress and is not documented; however, if you are interested I can provide you with a copy of the code. It will only run with IceBreak - it won't work with Apache because it relies heavily on IceBreak features that don't exist in Apache. If you are interested let me know.

Regards
Syd Nicholson


elehti@xxxxxxxxxxxxxxxxxx wrote:
My question to all of you who have public-facing, web-enabled IBM I
machines running your core applications. How do you secure this machine
against possible hacking attempts from outsiders?

If your website has web apps like self-service for your customers and
suppliers, allowing people to view/change data that resides on your
system, how do you protect your machine?
Or do you keep your system off the internet, and web-enable a secondary
file-server machine instead?

I am aware that thousands of banks and credit unions running their
[censored] core banking applications on the IBM I use a "middleware web
server" that acts as a conduit between the bank customer web page and
the System I, thus enabling banking customers to transact their banking
business without needing a different IBM user profile for each bank
customer. The RPGIV programs running on the System I send and receive
customer-specific information via data queues out to the middleware web
server.
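
The logon flow described in the reply above (a file of "virtual" user profiles plus a session per web conversation), sketched in Python as an added example; it is not code from the original post or from IceBreak. The user IDs, passwords, page names, timeout and function names are constructed for illustration, and keeping salted PBKDF2 hashes in the user file instead of the passwords themselves is an assumption of the example.

```python
import hashlib, hmac, secrets, time

SESSION_TTL = 900      # seconds of inactivity before a session expires (assumed)
ITERATIONS = 600_000   # PBKDF2 work factor (assumed)

def hash_password(password, salt):
    # A slow, salted hash makes a stolen user file costly to brute-force.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_user_record(password, pages):
    salt = secrets.token_bytes(16)
    return {"salt": salt, "hash": hash_password(password, salt), "pages": set(pages)}

# Constructed "virtual user profile" store; on a real system this is the user file.
USERS = {
    "CUST001": make_user_record("correct horse battery", {"orders", "invoices"}),
    "SUPP042": make_user_record("staple tractor ninety", {"deliveries"}),
}
_DUMMY = make_user_record("unused", ())  # hashed for unknown IDs so timing is similar
SESSIONS = {}  # session id -> {"user": ..., "last_seen": ...}

def log_on(user_id, password, now=None):
    """Return a new session id on success, None on failure."""
    now = time.time() if now is None else now
    record = USERS.get(user_id, _DUMMY)
    candidate = hash_password(password, record["salt"])
    ok = hmac.compare_digest(candidate, record["hash"]) and user_id in USERS
    if not ok:
        return None
    sid = secrets.token_urlsafe(32)  # unguessable, issued only after a good log on
    SESSIONS[sid] = {"user": user_id, "last_seen": now}
    return sid

def authorised_user(sid, page, now=None):
    """Return the user id if the session is live and may view `page`, else None."""
    now = time.time() if now is None else now
    session = SESSIONS.get(sid)
    if session is None:
        return None
    if now - session["last_seen"] > SESSION_TTL:
        del SESSIONS[sid]  # expired: force a fresh log on
        return None
    if page not in USERS[session["user"]]["pages"]:
        return None
    session["last_seen"] = now
    return session["user"]

def log_off(sid):
    SESSIONS.pop(sid, None)
```

Every page request calls `authorised_user` with the session id from the request before any data is read, so the page shown depends only on server-side session state.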


This mailing list archive is Copyright 1997-2022 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
