× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. WEB400
  3. April 2011

Re: iSeries vs IIS web site

I agree with Nathan on this point. The only thing you exposing to the public is the port pointing to the apache web server. Getting access o the apache web server does not give you access to the database on a properly configured system. Just because MS SQL database sits on a different server from the typical IIS server (I say typical because I have seen IIS sites with MS SQL on the same server as IIS) does not mean it is more secure. There still has to be some communication link between IIS and MS SQL.

-----Original Message-----
From: web400-bounces@xxxxxxxxxxxx [mailto:web400-bounces@xxxxxxxxxxxx] On Behalf Of Nathan Andelin
Sent: Tuesday, April 12, 2011 12:38 PM
To: Web Enabling the AS400 / iSeries
Subject: Re: [WEB400] iSeries vs IIS web site

From: John Jones
I'll point out that there is legit concern if the i-based solution
were to keep database, apps, and web services on a single LPAR.

I think that's a common misconception. I believe that centralized architecture tends to be more secure because it's less complex, and easier to manage, particularly under IBM i.

By definition the database server would be in the outer DMZ as that's
where the web servers have to reside to be visible to the outside world.

What is an "outer" DMZ? It appears to me that the only reason for a DMZ is to isolate and hide a private network from a public one. If that's the case, why not just use routers to define your DMZ, rather than using a Web server to define it? I suspect that the idea of placing web servers in one network, and database servers in another caught on simply because Microsoft was promoting it, not because it was actually more secure.

Unfortunately, distributed architecture is so ubiquitous that people naturally fall in line with these unfounded notions about security.

-Nathan

--
This is the Web Enabling the AS400 / iSeries (WEB400) mailing list To post a message email: WEB400@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives at http://archive.midrange.com/web400.


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.